phpPgAds / phpAdsNew logout.php sessionID SQL Injection

2005-11-10T02:33:54
ID OSVDB:20744
Type osvdb
Reporter Toni Koivunen(toni.koivunen@fitsec.com)
Modified 2005-11-10T02:33:54

Description

Vulnerability Description

phpAdsNew contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the logout.php script not properly sanitizing user-supplied input via the sessionID. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Solution Description

Upgrade to version 2.0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpAdsNew contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the logout.php script not properly sanitizing user-supplied input via the sessionID. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://phpadsnew.com/ Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942 Secunia Advisory ID:17464 Related OSVDB ID: 20741 Related OSVDB ID: 20740 Related OSVDB ID: 20735 Related OSVDB ID: 20736 Related OSVDB ID: 20737 Related OSVDB ID: 20739 Related OSVDB ID: 20742 Related OSVDB ID: 20738 Related OSVDB ID: 20743 Related OSVDB ID: 20745 Other Advisory URL: http://www.fitsec.com/advisories/FS-05-01.txt Other Advisory URL: http://www.zone-h.org/en/advisories/read/id=8413/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0279.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0257.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0445.html Keyword: FS-05-01,ZRCAS-200502 FrSIRT Advisory: ADV-2005-2380 CVE-2005-3646 Bugtraq ID: 15385