Free Hosting Manager Multiple SQL Injection Vulnerabilities
BID:58656
Info
| Bugtraq ID: | 58656 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2013 12:00AM |
| Updated: | Mar 23 2013 12:00AM |
| Credit: | Saadat Ullah |
| Vulnerable: | Free Hosting Manager Free Hosting Manager 2.0.2 |
| Not Vulnerable: | |
Discussion
Free Hosting Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Free Hosting Manager 2.0.2 is vulnerable; other versions may also be affected.
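To illustrate the class of defect described above, here is an added example (not code from Free Hosting Manager) that mirrors a lookup such as `tickets.php?id=` in Python with SQLite: the first function splices the request parameter into the query text, the second validates it as an integer and binds it as a placeholder. The table and column names are assumed and the rows are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's tickets table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT)")
    conn.executemany(
        "INSERT INTO tickets VALUES (?, ?, ?)",
        [(1, "alice", "DNS change"), (2, "bob", "Disk quota"), (3, "carol", "Billing")],
    )
    return conn


def lookup_ticket_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    """Mirrors the flaw: the request parameter is concatenated into the SQL text,
    so whatever it contains is parsed as SQL instead of being treated as a value."""
    query = "SELECT id, owner, subject FROM tickets WHERE id = " + raw_id
    return conn.execute(query).fetchall()


def is_valid_ticket_id(raw_id: str) -> bool:
    """Allow-list check: a ticket id is a non-empty string of decimal digits."""
    return raw_id.isdigit()


def lookup_ticket_hardened(conn: sqlite3.Connection, raw_id: str) -> list:
    """Reject anything that is not an integer id, then bind the value as a
    placeholder so the database never interprets it as SQL syntax."""
    if not is_valid_ticket_id(raw_id):
        raise ValueError("id must be a positive integer")
    query = "SELECT id, owner, subject FROM tickets WHERE id = ?"
    return conn.execute(query, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_ticket_vulnerable(db, "2"))          # one row, as intended
    print(lookup_ticket_vulnerable(db, "0 OR 1=1"))   # every row: the WHERE clause was rewritten
    print(lookup_ticket_hardened(db, "2"))            # one row
    try:
        lookup_ticket_hardened(db, "0 OR 1=1")        # refused before any query runs
    except ValueError as exc:
        print("rejected:", exc)
```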
Exploit / POC
An attacker can exploit this issue using a browser.
The following example URIs are available:
http://www.example.com/clients/reset.php?code=[SQLi]
http://www.example.com/clients/tickets.php?id=[SQLi]
http://www.example.com/clients/viewaccount.php?id=[SQLi]
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Free Hosting Manager Homepage (Free Hosting Manager)