ModernBill user.php Multiple Variable SQL Injection

2006-04-18T10:17:33
ID OSVDB:24749
Type osvdb
Reporter r0t(krustevs@googlemail.com)
Modified 2006-04-18T10:17:33

Description

Manual Testing Notes

/user.php?op=menu&tile=mysupport&type=view&id=1[SQL] /user.php?op=menu&tile=mysupport&type=details&id=(existing id number)[SQL] /user.php?op=client_invoice&db_table=client_invoice&tile=myinvoices&print=&id=invoice_id|2869[SQL]

References:

Vendor URL: http://www.moderngigabyte.com/ Secunia Advisory ID:19641 Related OSVDB ID: 24750 Other Advisory URL: http://pridels.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html FrSIRT Advisory: ADV-2006-1415 CVE-2006-1853 Bugtraq ID: 17596