phpBugTracker bug.php Multiple Variable SQL Injection

2004-04-14T00:00:00
ID OSVDB:5384
Type osvdb
Reporter JeiAr(jeiar@gulftech.org)
Modified 2004-04-14T00:00:00

Description

Vulnerability Description

phpBugTracker contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that multiple variables in the "bug.php" script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, frog-m@n from phpsecure.info has released a patch to address this vulnerability.
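The following is an added illustration of the class of fix such a patch would apply; it is not phpBugTracker's code and not the phpsecure.info patch. The table name `bug_votes`, the column `bug_id`, the function names and the use of PDO are assumptions made for the example. The vulnerable form concatenates the request value into the query exactly as the description above implies; the hardened form validates `bugid` as a positive integer, binds it as a typed parameter, and dispatches only on an allowlisted `op`.

```php
<?php
// Added example, not phpBugTracker code or the phpsecure.info patch.
// Assumed schema: bug_votes(bug_id INTEGER, user_id INTEGER).
declare(strict_types=1);

// Vulnerable pattern: the raw request value becomes part of the SQL text,
// so any value that is not a plain integer changes the statement's meaning.
function countVotesUnsafe(PDO $db, array $get): int
{
    $bugid = $get['bugid'] ?? '';
    $sql = "SELECT COUNT(*) FROM bug_votes WHERE bug_id = " . $bugid;
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened step 1: accept only a positive integer for bugid.
function bugIdFromRequest(array $get): int
{
    $bugid = filter_var($get['bugid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($bugid === false) {
        // Reject the request outright; do not echo the raw value back.
        throw new InvalidArgumentException('bugid must be a positive integer');
    }
    return $bugid;
}

// Hardened step 2: bind the validated value as a typed parameter.
function countVotes(PDO $db, int $bugid): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM bug_votes WHERE bug_id = :bugid');
    $stmt->bindValue(':bugid', $bugid, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

function recordVote(PDO $db, int $bugid, int $userId): void
{
    $stmt = $db->prepare('INSERT INTO bug_votes (bug_id, user_id) VALUES (:bugid, :uid)');
    $stmt->bindValue(':bugid', $bugid, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

// Hardened step 3: dispatch on an allowlist of operations, never on raw input.
function handleBugRequest(PDO $db, array $get, int $currentUser): int
{
    $bugid = bugIdFromRequest($get);
    switch ($get['op'] ?? '') {
        case 'vote':
            recordVote($db, $bugid, $currentUser);
            return countVotes($db, $bugid);
        case 'viewvotes':
            return countVotes($db, $bugid);
        default:
            throw new InvalidArgumentException('unknown op');
    }
}

// Self-contained demo against an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bug_votes (bug_id INTEGER, user_id INTEGER)');
$db->exec('INSERT INTO bug_votes VALUES (1, 10), (1, 11), (2, 12)');

echo handleBugRequest($db, ['op' => 'viewvotes', 'bugid' => '1'], 99), "\n"; // 2
echo handleBugRequest($db, ['op' => 'vote', 'bugid' => '2'], 99), "\n";      // 2

try {
    handleBugRequest($db, ['op' => 'viewvotes', 'bugid' => '1 OR 1=1'], 99);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n"; // validation stops the request
}
```

The validation step alone would close the hole for an integer key, but binding the parameter as well means a later change that accepts a string key (a bug title, say) does not silently reintroduce the concatenation pattern. Logging rejected `bugid` values at the web tier is a cheap detection signal for probing of this endpoint.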

Short Description

phpBugTracker contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that multiple variables in the "bug.php" script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/bug.php?op=vote&bugid=[SQL]
http://[victim]/bug.php?op=viewvotes&bugid=[SQL]

References:

Vendor URL: http://phpbt.sourceforge.net/
Secunia Advisory ID: 11416
Related OSVDB ID: 5383
Related OSVDB ID: 5385
Other Solution URL: http://www.phpsecure.info/v2/.php?zone=pDl&id=169
Other Advisory URL: http://www.gulftech.org/04142004.php
Bugtraq ID: 10153