phpMyRealty search.php type Variable SQL Injection

2007-12-18T00:00:00
ID OSVDB:39268
Type osvdb
Reporter OSVDB
Modified 2007-12-18T00:00:00

Description

Vulnerability Description

phpMyRealty contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the type variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.

Manual Testing Notes

http://[target]/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_admins http://[target]/search.php?type=-1+union+select+concat_ws(char(58),login,password)+from+pmr_users

References:

Vendor URL: http://www.phpmyrealty.com/ Secunia Advisory ID:28155 Related OSVDB ID: 39268 Related OSVDB ID: 1017854 ISS X-Force ID: 39121 Generic Exploit URL: http://www.milw0rm.com/exploits/4750 CVE-2007-6472 Bugtraq ID: 26932