MaxWebPortal dl_toprated.asp SQL Injection

2005-04-27T04:24:33
ID OSVDB:16315
Type osvdb
Reporter Soroush Dalili (irsdl@yahoo.com)
Modified 2005-04-27T04:24:33

Description

Vulnerability Description

MaxWebPortal contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to input passed to the 'dl_toprated.asp' script not being properly sanitized before it is used in a database query, which may allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgraded versions that correct this issue. However, MaxWebPortal.com has released a patch to address this vulnerability (see the Vendor Specific Solution URL below).

Manual Testing Notes

dl_toprated.asp?10 RATING,Votes,DESCRIPTION,NAME,POST_DATE,1,1,1,1,1,1,1 FROM DL union select m_username,m_password,1,1,1,1,1,1,1,1,1,1 from PORTAL_MEMBERS where m_username='admin' union select

References:

Vendor URL: http://www.maxwebportal.com/
Vendor Specific Solution URL: http://www.maxwebportal.info/downloads/mwp_security_fixes.zip
Vendor Specific News/Changelog Entry: http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update
Security Tracker: 1013845
Secunia Advisory ID: 15214
Secunia Advisory ID: 15329
Related OSVDB IDs: 16306, 16307, 16308, 16309, 16310, 16311, 16312, 16313, 16314, 16316, 16317, 16318
CVE: CVE-2005-1417
Bugtraq ID: 13466