Web Cookbook SQL Injection and Information Disclosure Vulnerabilities
BID:58092
Info
| Bugtraq ID: | 58092 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2013 12:00AM |
| Updated: | Feb 21 2013 12:00AM |
| Credit: | cr4wl3r |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Web Cookbook is prone to an SQL-injection vulnerability and an information-disclosure vulnerability.
Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/[path]/rezeptanzeige.php?currid=[SQLi]
http://www.example.com/[path]/admin/dumpdb.php?outfile=../[file]
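With no vendor patch listed, operators can review web server access logs for requests matching the two URI patterns above. The following is an added example, not part of the original advisory or the Web Cookbook code; the log format, the sample lines, the function names and the assumption that a legitimate `currid` is a plain decimal id are all introduced here for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding label for one log line, or None if nothing matches."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = {k.lower(): fully_unquote(v)
              for k, v in parse_qsl(url.query, keep_blank_values=True)}
    path = url.path.lower()
    if path.endswith("/rezeptanzeige.php") and "currid" in params:
        # Assumption: a legitimate currid is a plain decimal record id.
        if not re.fullmatch(r"\d{1,10}", params["currid"]):
            return "currid-not-numeric"
    if path.endswith("/admin/dumpdb.php"):
        outfile = params.get("outfile", "")
        if ".." in outfile or "/" in outfile or "\\" in outfile:
            return "dumpdb-outfile-path"
        return "dumpdb-request"  # any hit on the dump script is worth reviewing
    return None

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2013:10:00:01 +0000] "GET /cookbook/rezeptanzeige.php?currid=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [21/Feb/2013:10:00:05 +0000] "GET /cookbook/rezeptanzeige.php?currid=42%27 HTTP/1.1" 200 310',
    '192.0.2.11 - - [21/Feb/2013:10:00:09 +0000] "GET /cookbook/admin/dumpdb.php?outfile=%252e%252e%2Fbackup.sql HTTP/1.1" 200 0',
    '192.0.2.12 - - [21/Feb/2013:10:00:12 +0000] "GET /cookbook/admin/dumpdb.php HTTP/1.1" 200 0',
]

def scan(lines):
    return [(i, label) for i, line in enumerate(lines) if (label := classify(line))]

if __name__ == "__main__":
    for idx, label in scan(SAMPLE_LOG):
        print(label, SAMPLE_LOG[idx])
```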
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].