Helm Control Panel Compose Message Form messageToUserAccNum Parameter SQL Injection

2004-11-02T09:49:44
ID OSVDB:11384
Type osvdb
Reporter Behrang Fouladi (behrang@hat-squad.com)
Modified 2004-11-02T09:49:44

Description

Vulnerability Description

Helm Web Hosting Control Panel Compose Message form contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'messageToUserAccNum' parameter in the Compose Message Form is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 3.1.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Helm Web Hosting Control Panel Compose Message form contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'messageToUserAccNum' parameter in the Compose Message Form is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

[username]',[messageid],[isread]); [arbitrary sql query];--

Example: xxxx',10,0); insert into account(accountnumber,accounttype,accountpassword) values('root',0,'');--

References:

Vendor URL: http://helm.webhostautomation.com Security Tracker: 1012047 Secunia Advisory ID:13079 Related OSVDB ID: 11385 Packet Storm: http://packetstormsecurity.org/0411-advisories/000077.txt Other Advisory URL: http://www.hat-squad.com/en/000077.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0041.html CVE-2004-1498