BID:51596

Snitz Forums 2000 'TOPIC_ID' Parameter SQL Injection Vulnerability

Info

Snitz Forums 2000 'TOPIC_ID' Parameter SQL Injection Vulnerability

Bugtraq ID:	51596
Class:	Input Validation Error
CVE:	CVE-2012-5313
Remote:	Yes
Local:	No
Published:	Jan 20 2012 12:00AM
Updated:	Oct 10 2012 06:20PM
Credit:	Snup
Vulnerable:	Snitz Forums 2000 Snitz Forums 2000 0

Not Vulnerable:

Discussion

Snitz Forums 2000 'TOPIC_ID' Parameter SQL Injection Vulnerability

Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploit / POC

Snitz Forums 2000 'TOPIC_ID' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/forum.asp?TOPIC_ID=[SQL]

Solution / Fix

Snitz Forums 2000 'TOPIC_ID' Parameter SQL Injection Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Snitz Forums 2000 'TOPIC_ID' Parameter SQL Injection Vulnerability

References:

Snitz Communications 2010/11 - SQL Injection Vulnerability (Snup)
Snitz Forums 2000 Homepage (Snitz Forums 2000)