68KB 'search.php' Search Function SQL Injection Vulnerability

Bugtraq ID:	39818
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 28 2010 12:00AM
Updated:	Mar 28 2010 12:00AM
Credit:	Jelmer de Hen
Vulnerable:	68designs 68KB 1.0.0rc4 68designs 68KB 1.0.0rc2
Not Vulnerable:

68KB 'search.php' Search Function SQL Injection Vulnerability

68KB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

68KB 1.0.0rc4 is vulnerable; other versions may also be affected.

68KB 'search.php' Search Function SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example data is available :

Inject the following into the search field.

%')/**/UNION/**/ALL/**/SELECT/**/1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15#

68KB 'search.php' Search Function SQL Injection Vulnerability

Solution:
Updates are available. Please see the references for details.

68KB 'search.php' Search Function SQL Injection Vulnerability

References:

• 68KB - Homepage (68designs)
  
• Another try at fixing the search bug (68designs)