Multiple AJ Square Products SQL Injection Vulnerabilities

Bugtraq ID:	22808
Class:	Input Validation Error
CVE:	CVE-2007-1295
Remote:	Yes
Local:	No
Published:	Mar 05 2007 12:00AM
Updated:	May 12 2015 07:29PM
Credit:	Ajann is credited with the discovery of these vulnerabilities.
Vulnerable:	AJSquare AJDating 1.0 AJSquare AJ Classifieds 1.0 AJSquare AJ Auction 1.0
Not Vulnerable:

Multiple AJ Square Products SQL Injection Vulnerabilities

Multiple AJ Square products are prone to SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the software, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Version 1.0 of each application is vulnerable to these issues.

Multiple AJ Square Products SQL Injection Vulnerabilities

An attacker can exploit these issues with a web client.

The following proof-of-concept exploits are available:

• /data/vulnerabilities/exploits/AJDating_rexp_SQL.html
• /data/vulnerabilities/exploits/AJ Auction_rexp_SQL.pl
• /data/vulnerabilities/exploits/AJ Classifieds_rexp_SQL.html
• /data/vulnerabilities/exploits/AJForum_rexp_SQL.pl

Multiple AJ Square Products SQL Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple AJ Square Products SQL Injection Vulnerabilities

References:

• Vendor Homepage (AJ Square)