Dragonfly Commerce dc_forum_Postslist.asp SQL Injection

2005-07-12T04:49:43
ID OSVDB:18445
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-07-12T04:49:43

Description

Vulnerability Description

Dragonfly Commerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dc_forum_Postslist.asp script not properly sanitizing user-supplied input to the 'start', 'key_mp', 'searchtype', or 'psearch' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

The vendor has disputed this issue saying that the error messages are a result of invalid input.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Dragonfly Commerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dc_forum_Postslist.asp script not properly sanitizing user-supplied input to the 'start', 'key_mp', 'searchtype', or 'psearch' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor Specific Advisory URL Security Tracker: 1014451 Secunia Advisory ID:16007 Related OSVDB ID: 18442 Related OSVDB ID: 18449 Related OSVDB ID: 18441 Related OSVDB ID: 18443 Related OSVDB ID: 18444 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0196.html CVE-2005-2221