Liberum Help Desk register.asp edit Variable SQL Injection

2005-06-01T23:17:57
ID OSVDB:17196
Type osvdb
Reporter the_day (the_day@echo.or.id)
Modified 2005-06-01T23:17:57

Description

Vulnerability Description

Liberum Help Desk contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The 'edit' variable in the 'register.asp' script is not properly sanitized, which may allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/liberum/register.asp?edit='[SQL Injection]
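
With no fix listed, requests that match the pattern above can be looked for in web server access logs. The Python code below is an added example, not part of the original advisory: the combined-style log format, the constructed sample lines and the metacharacter heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Quote and comment tokens typical of SQL injection probes.
# Heuristic chosen for this example; it is not taken from the advisory.
SQL_META = re.compile(r"'|\"|--|/\*")
# Request line as it appears in combined-style access logs (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = """
192.0.2.10 - - [01/Jun/2005:10:00:00 +0000] "GET /liberum/register.asp?edit=1 HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jun/2005:10:00:07 +0000] "GET /liberum/register.asp?edit=' HTTP/1.1" 500 310
192.0.2.44 - - [01/Jun/2005:10:00:09 +0000] "GET /liberum/Register.asp?EDIT=%2527 HTTP/1.1" 500 310
192.0.2.10 - - [01/Jun/2005:10:00:12 +0000] "GET /liberum/default.asp?q=it%27s HTTP/1.1" 200 900
""".strip().splitlines()

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %2527 -> %27 -> '."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_target(target):
    """Return the decoded 'edit' value if it carries SQL metacharacters, else None."""
    parts = urlsplit(target)
    # IIS paths and ASP parameter names are case-insensitive.
    if not parts.path.lower().endswith("/register.asp"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "edit":
            value = fully_decode(value)
            if SQL_META.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = check_target(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits
```

Only the query string is visible in access logs, so values sent in a POST body need request-body logging or a filter in front of the application to be covered.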

References:

Vendor URL: http://www.liberum.org
Secunia Advisory ID: 15593
Related OSVDB ID: 17193
Related OSVDB ID: 17194
Related OSVDB ID: 17195
Other Advisory URL: http://echo.or.id/adv/adv14-theday-2005.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0003.html
ISS X-Force ID: 20868
CVE-2005-1839