PlaySMS Cookie SQL Injection

2004-08-18T00:00:00
ID OSVDB:8984
Type osvdb
Reporter Noam Rathaus(expert@securiteam.com)
Modified 2004-08-18T00:00:00

Description

Vulnerability Description

PlaySMS contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that if the magic_quotes_gpc option is disabled, the "vc2" variable in the cookie is not verified properly and will allow an attacker to inject or manipulate SQL queries. (NOTE: Note that setting "magic_quotes_gpc" to "Off" is discouraged by the author of the program in the INSTALL file).

Solution Description

Upgrade to version 0.7.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PlaySMS contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that if the magic_quotes_gpc option is disabled, the "vc2" variable in the cookie is not verified properly and will allow an attacker to inject or manipulate SQL queries. (NOTE: Note that setting "magic_quotes_gpc" to "Off" is discouraged by the author of the program in the INSTALL file).

References:

Vendor URL: http://playsms.sourceforge.net/ Security Tracker: 1010984 Other Advisory URL: http://www.securiteam.com/unixfocus/5UP0F2ADPS.html ISS X-Force ID: 17031 CVE-2004-2263 Bugtraq ID: 10970