phpLinkat SQL Injection and Cookie Authentication Bypass Vulnerabilities
BID:30386
Info
| Bugtraq ID: | 30386 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3407 CVE-2008-3406 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 26 2008 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | Encrypt3d.M!nd |
| Vulnerable: | phpLinkat phpLinkat 0.1 .0 |
| Not Vulnerable: | |
Discussion
phpLinkat is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The application is also vulnerable to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The attacker could leverage the authentication-bypass vulnerability to gain administrative access to the affected application.
phpLinkat 0.1 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following URI is available:
http://www.example.com/showcat.php?catid=666%20union%20select%20concat(version(),0x3a,database(),0x3a,user()),2,3,4,5,6/*
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
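With no vendor patch listed, one compensating check is to scan web-server access logs for `showcat.php` requests whose `catid` is not a plain integer, which is what the URI quoted in this advisory looks like once percent-decoded. This is an added example, not part of the advisory or of phpLinkat; it assumes `catid` is meant to be a numeric category id and that logs use the common/combined format, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a common/combined log format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens reported for triage only; any non-integer catid is flagged regardless.
SQL_TOKENS = re.compile(r"\b(?:union|select|concat|from)\b|/\*|--|0x[0-9a-f]+", re.I)

# Constructed sample log; the second request is the URI quoted in this advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jul/2008:10:00:01 +0000] "GET /showcat.php?catid=3 HTTP/1.1" 200 5120
192.0.2.77 - - [26/Jul/2008:10:00:05 +0000] "GET /showcat.php?catid=666%20union%20select%20concat(version(),0x3a,database(),0x3a,user()),2,3,4,5,6/* HTTP/1.1" 200 4312
192.0.2.10 - - [26/Jul/2008:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 2048
198.51.100.4 - - [26/Jul/2008:10:01:12 +0000] "GET /showcat.php?catid=12abc HTTP/1.1" 200 900
"""

def check_line(line):
    """Return None for a clean line, else a dict describing the suspicious catid."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/showcat.php"):
        return None
    # parse_qs percent-decodes values, so %20union%20select becomes " union select".
    for value in parse_qs(url.query, keep_blank_values=True).get("catid", []):
        # Assumption: a legitimate catid is a short run of decimal digits.
        if not re.fullmatch(r"\d{1,10}", value):
            tokens = sorted({t.group(0).lower() for t in SQL_TOKENS.finditer(value)})
            return {
                "client": line.split(" ", 1)[0],
                "catid": value,
                "sql_tokens": tokens,
            }
    return None

def scan(lines):
    """Collect findings for every log line that carries a non-integer catid."""
    return [finding for finding in map(check_line, lines) if finding]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) until a fixed release exists.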
References
References:
- milw0rm advisory (milw0rm)