Creative Community Portal Multiple SQL Injection Vulnerabilities
BID:17890
Info
Creative Community Portal Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 17890 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 08 2006 12:00AM |
| Updated: | May 09 2006 07:54PM |
| Credit: | r0t is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Creative Software UK Community Portal 1.1 |
| Not Vulnerable: | |
Discussion
Creative Community Portal Multiple SQL Injection Vulnerabilities
Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Version 1.1 of Creative Community Portal is vulnerable to these issues; other versions may also be affected.
Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Version 1.1 of Creative Community Portal is vulnerable to these issues; other versions may also be affected.
Exploit / POC
Creative Community Portal Multiple SQL Injection Vulnerabilities
These issues can be exploited through a web client.
The following example URIs are sufficient to demonstrate these vulnerabilities:
http://www.example.com/ArticleView.php?article_id=[SQL]
http://www.example.com/DiscView.php?mid=144&forum_id=[SQL]
http://www.example.com/Discussions.php?forum_id=[SQL]
http://www.example.com/EventView.php?event_id=[SQL]
http://www.example.com/PollResults.php?answer_id=32&AddVote=[SQL]
http://www.example.com/PollResults.php?answer_id=[SQL]
http://www.example.com/DiscReply.php?forum_id=1&mid=[SQL]
These issues can be exploited through a web client.
The following example URIs are sufficient to demonstrate these vulnerabilities:
http://www.example.com/ArticleView.php?article_id=[SQL]
http://www.example.com/DiscView.php?mid=144&forum_id=[SQL]
http://www.example.com/Discussions.php?forum_id=[SQL]
http://www.example.com/EventView.php?event_id=[SQL]
http://www.example.com/PollResults.php?answer_id=32&AddVote=[SQL]
http://www.example.com/PollResults.php?answer_id=[SQL]
http://www.example.com/DiscReply.php?forum_id=1&mid=[SQL]
Solution / Fix
Creative Community Portal Multiple SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Creative Community Portal Multiple SQL Injection Vulnerabilities
References:
References:
- Community Portal Home Page (Creative Software UK)
- Creative Community Portal vuln. (r0t)