BID:30277

Arctic Issue Tracker 'filter' Parameter SQL Injection Vulnerability

Info

Arctic Issue Tracker 'filter' Parameter SQL Injection Vulnerability

Bugtraq ID:	30277
Class:	Input Validation Error
CVE:	CVE-2008-3250
Remote:	Yes
Local:	No
Published:	Jul 17 2008 12:00AM
Updated:	Apr 16 2015 05:58PM
Credit:	QTRinux
Vulnerable:	Arctic Issue Tracker 2.0

Not Vulnerable:	Arctic Issue Tracker 2.0.1

Discussion

Arctic Issue Tracker 'filter' Parameter SQL Injection Vulnerability

Arctic Issue Tracker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Arctic Issue Tracker v2.0.0 is vulnerable; other versions may also be affected.

Exploit / POC

Arctic Issue Tracker 'filter' Parameter SQL Injection Vulnerability

An attacker can exploit this issue via a browser.

The following example URI and exploit code are available:

http://www.example.com/index.php?filter=-1%20union%20select%201,2,3,concat(username,0x3a,password),5%20from%20arctic_user%20where%20id=1--

/data/vulnerabilities/exploits/30277.pl

Solution / Fix

Arctic Issue Tracker 'filter' Parameter SQL Injection Vulnerability

Solution:
The vendor has released Arctic Issue Tracker 2.0.1 to address this issue. Please contact the vendor for information on obtaining the update.

References

Arctic Issue Tracker 'filter' Parameter SQL Injection Vulnerability

References:

Arctic Issue Tracker Homepage (Arctic)