PHPNews Auth.PHP SQL Injection Vulnerability

TITLE: PHPNews Auth.PHP SQL Injection Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jul 20 2005 12:00AM
UPDATE: Jul 20 2005 12:00AM
CREDIT: ghc@ghc.ru is credited with the discovery of this vulnerability.
VULNERABLE:

PHPNews PHPNews 1.2.6
PHPNews PHPNews 1.2.5
PHPNews PHPNews 1.2.4
PHPNews PHPNews 1.2.3
NOT VULNERABLE:

Go to the original page on Security Focus

Discussion

PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Exploit

An example of exploitation is as follows: (please note that magic_quotes_gpc must be set to 0 for this to succeed)

Navigate to the user logon form.

Enter the following string into the Username field:

anything' or '1'='1'/*

followed by any characters in the Password field.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
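In the absence of a vendor patch, the code-level fix for this class of flaw is to stop building the login query by string concatenation. The following is an added example, not PHPNews source code and not part of the original advisory: the `posters` table, its columns and both function names are hypothetical, and an in-memory SQLite database stands in for the application's real database.

```php
<?php
// Added illustration, not PHPNews code. All table, column and function names
// are hypothetical; the account and password below are constructed samples.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posters (username TEXT PRIMARY KEY, legacy_md5 TEXT, pw_hash TEXT)');

$samplePw = 'constructed-sample-password';
$ins = $db->prepare('INSERT INTO posters VALUES (?, ?, ?)');
$ins->execute(['admin', md5($samplePw), password_hash($samplePw, PASSWORD_DEFAULT)]);

// Vulnerable pattern: request input is pasted into the SQL text, so a quote in
// $user closes the string literal and the rest of the input is parsed as SQL.
function loginConcatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT username FROM posters WHERE username = '$user'"
         . " AND legacy_md5 = '" . md5($pass) . "'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username is bound as a parameter and is only ever
// compared as data; the password is verified in PHP against a salted hash,
// so no user-controlled text reaches the SQL parser.
function loginPrepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM posters WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// The Username string quoted in the advisory, with an arbitrary password,
// followed by a legitimate login for comparison.
$advisoryInput = "anything' or '1'='1'/*";

foreach (['loginConcatenated', 'loginPrepared'] as $fn) {
    printf(
        "%-18s advisory string accepted: %s | valid login accepted: %s\n",
        $fn,
        var_export($fn($db, $advisoryInput, 'x'), true),
        var_export($fn($db, 'admin', $samplePw), true)
    );
}
```

Relying on magic_quotes_gpc instead is not a fix: the setting is per-server, and it was deprecated in PHP 5.3 and removed in PHP 5.4.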
