Buddy Zone view_group.php group_id Variable SQL Injection

2006-06-30T09:33:59
ID OSVDB:26985
Type osvdb
Reporter luny(luny@youfucktard.com)
Modified 2006-06-30T09:33:59

Description

Vulnerability Description

Buddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_group.php script not properly sanitizing user-supplied input to the 'group_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Buddy Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_group.php script not properly sanitizing user-supplied input to the 'group_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Manual Testing Notes

http://[target]/view_group.php?group_id='

References:

Vendor URL: http://www.vastal.com/buddy-zone-social-networking-script.html Secunia Advisory ID:20933 Related OSVDB ID: 26981 Related OSVDB ID: 26982 Related OSVDB ID: 26983 Related OSVDB ID: 26986 Related OSVDB ID: 26979 Related OSVDB ID: 26980 Related OSVDB ID: 26984 Related OSVDB ID: 26987 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0011.html ISS X-Force ID: 27514 ISS X-Force ID: 27515 FrSIRT Advisory: ADV-2006-2645 CVE-2006-3494