Layton Technology HelpBox 3.0.1 - Multiple SQL Injection Vulnerabilities

2004-07-21T00:00:00
ID EDB-ID:24303
Type exploitdb
Reporter Noam Rathaus
Modified 2004-07-21T00:00:00

Description

Layton Technology HelpBox 3.0.1 Multiple SQL Injection Vulnerabilities. CVE-2004-2551. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/10776/info

It is reported that HelpBox is susceptible to multiple SQL injection vulnerabilities. This issue is due to improper sanitization of user-supplied data. 

These problems present themselves when malicious SQL statements are passed to certain scripts.

Some scripts require administrative privileges to HelpBox. One script reportedly allows exporting any table in the SQL server.

These issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

HelpBox version 3.0.1 is reported vulnerable to these issues.

http://www.example.com/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'