CitrusDB 0.3.6 importcc.php CSV File SQL Injection

2005-02-15T00:00:00
ID EDB-ID:25101
Type exploitdb
Reporter RedTeam Pentesting
Modified 2005-02-15T00:00:00

Description

CitrusDB 0.3.6 importcc.php CSV File SQL Injection. CVE-2005-0410. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/12557/info
  
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import.
  
These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

THe following proof of concept demonstrates the SQL injection vulnerability:
Reportedly supplying ',,,,, as the contents of the uploaded csv file will make the SQL query in './citrusdb/tools/importcc.php' fail.