Geeklog comment.php pid Variable SQL Injection

2002-08-16T00:00:00
ID OSVDB:8031
Type osvdb
Reporter OSVDB
Modified 2002-08-16T00:00:00

Description

Vulnerability Description

GeekLog contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'pid' variable in the 'comment.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 1.3.5sr1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

GeekLog contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'pid' variable in the 'comment.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/comment.php?mode=display&sid=foo&pid=PROBLEM_HERE&title=ALPER_Research_Labs

References:

Vendor URL: http://www.geeklog.net/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html ISS X-Force ID: 9311 CVE-2002-0963 Bugtraq ID: 4968