Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
BID:20970
CVE-2006-5840 |Info
Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 20970 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2006 12:00AM |
| Updated: | Dec 05 2006 06:34PM |
| Credit: | Benjamin Moss & Laurent Gaffi are credited with the discovery of these vulnerabilities. |
| Vulnerable: |
abarcar Realty Portal Realty Portal 6.0.1 abarcar Realty Portal Realty Portal 5.1.5 |
| Not Vulnerable: |
abarcar Realty Portal System 7.2 abarcar Realty Portal System 7.1 abarcar Realty Portal System 7.0 |
Discussion
Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
Abarcar Realty Portal is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Abarcar Realty Portal is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Exploit / POC
Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
Attackers can exploit these issues via a web client.
The following example URIs are available:
http://www.example.com/newsdetails.php?neid=[sql]
http://www.example.com/slistl.php?slid=[sql]
Attackers can exploit these issues via a web client.
The following example URIs are available:
http://www.example.com/newsdetails.php?neid=[sql]
http://www.example.com/slistl.php?slid=[sql]
Solution / Fix
Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
Solution:
These issues do not affect Abarcar Realty Portal 7.0 and later versions. See the referenced vendor's homepage for information on how to obtain and apply an upgrade.
Solution:
These issues do not affect Abarcar Realty Portal 7.0 and later versions. See the referenced vendor's homepage for information on how to obtain and apply an upgrade.
References
Abarcar Realty Portal Multiple SQL Injection Vulnerabilities
References:
References: