Confixx DB Parameter SQL Injection Vulnerability
BID:9830
Info
Confixx DB Parameter SQL Injection Vulnerability
| Bugtraq ID: | 9830 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2004 12:00AM |
| Updated: | Mar 09 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to wkr. |
| Vulnerable: |
SWSoft Confixx Pro 2 |
| Not Vulnerable: | |
Discussion
Confixx DB Parameter SQL Injection Vulnerability
It has been reported that an input validation error with the potential for use in a SQL injection attack is present in the "db_mysql_loeschen2.php" script. When a user is requesting the "db_mysql_loeschen2.php" script, one of the parameters that can be passed to the script is "db". There are no checks on the value of this variable before it is used in an SQL query string.
Consequently, malicious users may corrupt the resulting SQL queries by specially crafting a value for the "db" variable.
It has been reported that an input validation error with the potential for use in a SQL injection attack is present in the "db_mysql_loeschen2.php" script. When a user is requesting the "db_mysql_loeschen2.php" script, one of the parameters that can be passed to the script is "db". There are no checks on the value of this variable before it is used in an SQL query string.
Consequently, malicious users may corrupt the resulting SQL queries by specially crafting a value for the "db" variable.
Exploit / POC
Confixx DB Parameter SQL Injection Vulnerability
The following proof of concept has been supplied:
db_mysql_loeschen2.php?db=' or 1 or 1='
The following proof of concept has been supplied:
db_mysql_loeschen2.php?db=' or 1 or 1='
Solution / Fix
Confixx DB Parameter SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.