PHP Arena paCheckbook index.php Multiple Variable SQL Injection

2006-05-08T11:47:34
ID OSVDB:25349
Type osvdb
Reporter aLMaSTeR HaCKeR(almaster@hotmail.com)
Modified 2006-05-08T11:47:34

Description

Vulnerability Description

psCheckbook contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "transtype" and "entry" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

An attacker must supply valid authentication credentials in order to exploit this vulnerability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, PHP Arena has released a patch to address this vulnerability.

Short Description

psCheckbook contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "transtype" and "entry" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Manual Testing Notes

http://[target]/index.php?action=add&transtype=[code]&acct=1 http://[target]/index.php?action=edit&start=0&transtype=1&entry=[code]

References:

Vendor URL: http://www.phparena.net/scripts.php?script=pacheckbook Vendor Specific Solution URL: http://www.phparena.net/forums/showthread.php?p=15974 Secunia Advisory ID:20008 ISS X-Force ID: 26356 Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/pacheckbook-1.1-mutlsql.txt FrSIRT Advisory: ADV-2006-1691 CVE-2006-2209 Bugtraq ID: 17821