AzDGDatingPlatinum index.php from Variable SQL Injection

2005-04-09T00:00:12
ID OSVDB:15525
Type osvdb
Reporter kre0n (kre0n@mail.ru)
Modified 2005-04-09T00:00:12

Description

Vulnerability Description

AzDGDatingPlatinum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the index.php script not properly sanitizing the 'from' variable, which may allow an attacker to inject into or manipulate the SQL queries the script runs.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/members/index.php?l=default&a=v&from=[SQL CODE]

References:

Vendor URL: http://www.azdg.com/
Related OSVDB ID: 15524
Related OSVDB ID: 15526
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0143.html