DataparkSearch Malformed Hostname SQL Injection Vulnerability
BID:20872
Info
DataparkSearch Malformed Hostname SQL Injection Vulnerability
| Bugtraq ID: | 20872 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2006 12:00AM |
| Updated: | Nov 02 2006 10:02PM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: |
DataparkSearch DataparkSearch Engine 4.42 DataparkSearch DataparkSearch Engine 4.37 DataparkSearch DataparkSearch Engine 4.36 DataparkSearch DataparkSearch Engine 4.35 DataparkSearch DataparkSearch Engine 4.34 DataparkSearch DataparkSearch Engine 4.33 DataparkSearch DataparkSearch Engine 4.32 DataparkSearch DataparkSearch Engine 4.31 DataparkSearch DataparkSearch Engine 4.30 DataparkSearch DataparkSearch Engine 4.29 DataparkSearch DataparkSearch Engine 4.28 DataparkSearch DataparkSearch Engine 4.27 DataparkSearch DataparkSearch Engine 4.26 DataparkSearch DataparkSearch Engine 4.25 DataparkSearch DataparkSearch Engine 4.24 DataparkSearch DataparkSearch Engine 4.23 DataparkSearch DataparkSearch Engine 4.22 DataparkSearch DataparkSearch Engine 4.21 DataparkSearch DataparkSearch Engine 4.20 DataparkSearch DataparkSearch Engine 4.19 DataparkSearch DataparkSearch Engine 4.18 DataparkSearch DataparkSearch Engine 4.17 DataparkSearch DataparkSearch Engine 4.16 |
| Not Vulnerable: |
DataparkSearch DataparkSearch Engine 4.43 |
Discussion
DataparkSearch Malformed Hostname SQL Injection Vulnerability
DataparkSearch is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
DataparkSearch 4.42 and prior versions are vulnerable.
DataparkSearch is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
DataparkSearch 4.42 and prior versions are vulnerable.
Exploit / POC
DataparkSearch Malformed Hostname SQL Injection Vulnerability
An attacker can exploit this issue via a web client.
An attacker can exploit this issue via a web client.
Solution / Fix
DataparkSearch Malformed Hostname SQL Injection Vulnerability
Solution:
The vendor has released version 4.43 to address this issue; please see the references for details.
DataparkSearch DataparkSearch Engine 4.25
DataparkSearch DataparkSearch Engine 4.34
DataparkSearch DataparkSearch Engine 4.29
DataparkSearch DataparkSearch Engine 4.28
DataparkSearch DataparkSearch Engine 4.31
DataparkSearch DataparkSearch Engine 4.24
DataparkSearch DataparkSearch Engine 4.23
DataparkSearch DataparkSearch Engine 4.32
DataparkSearch DataparkSearch Engine 4.33
DataparkSearch DataparkSearch Engine 4.26
DataparkSearch DataparkSearch Engine 4.20
DataparkSearch DataparkSearch Engine 4.35
DataparkSearch DataparkSearch Engine 4.27
DataparkSearch DataparkSearch Engine 4.37
DataparkSearch DataparkSearch Engine 4.42
DataparkSearch DataparkSearch Engine 4.18
DataparkSearch DataparkSearch Engine 4.30
DataparkSearch DataparkSearch Engine 4.22
DataparkSearch DataparkSearch Engine 4.21
DataparkSearch DataparkSearch Engine 4.36
DataparkSearch DataparkSearch Engine 4.17
DataparkSearch DataparkSearch Engine 4.16
DataparkSearch DataparkSearch Engine 4.19
Solution:
The vendor has released version 4.43 to address this issue; please see the references for details.
DataparkSearch DataparkSearch Engine 4.25
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.34
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.29
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.28
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.31
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.24
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.23
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.32
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.33
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.26
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.20
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.35
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.27
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.37
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.42
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.18
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.30
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.22
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.21
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.36
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.17
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.16
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
DataparkSearch DataparkSearch Engine 4.19
-
DataparkSearch dpsearch-4.43.tar.gz
http://www.dataparksearch.org/dpsearch-4.43.tar.gz
References
DataparkSearch Malformed Hostname SQL Injection Vulnerability
References:
References:
- DataparkSearch Engine ChangeLog (DataparkSearch)
- DataparkSearch Engine Home Page (DataparkSearch)