Flying Dog Software Powerslave 4.3 Portalmanager sql_id Information Disclosure Vulnerability

2003-09-19T00:00:00
ID EDB-ID:23163
Type exploitdb
Reporter H Zero Seven
Modified 2003-09-19T00:00:00

Description

Flying Dog Software Powerslave 4.3 Portalmanager sql_id Information Disclosure Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/8659/info

It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The problem is reported to exist in the sql_id parameter. An attacker may insert malformed SQL queries in sql_id, resulting in the software generating an error message and disclosing sensitive database information. Although unconfirmed attackers may also be able to execute arbitrary SQL commands under certain circumstances.

Successful exploitation of this vulnerability may allow an attacker to disclose sensitive information about the database that may be used to launch further attacks against a vulnerable system.

Powerslave version 4.3 is reported to be prone to this vulnerability, however other versions may be affected as well.

http://www.example.com/powerslave,id,10;,nodeid,,_language,uk.html
|
|- ; or modified querys
and table-numbers.

Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;