Handshakes Professional 4.1 SQL Injection

2012-10-02T00:00:00
ID PACKETSTORM:117065
Type packetstorm
Reporter HTTPCS
Modified 2012-10-02T00:00:00

Description

                                        
                                            `HTTPCS Advisory : HTTPCS70  
Product : Handshakes Professional  
Version : 4.1  
Date : 2012-10-01  
Criticality level : Highly Critical  
Description : A vulnerability has been discovered in Handshakes Professional,  
which can be exploited by malicious people to conduct SQL injection attacks.  
Input passed via the 'frm_id' parameter to '/index.php' is not properly  
sanitised before being used in a SQL query. This can be exploited to manipulate  
SQL queries by injecting arbitrary SQL code.  
Page : /index.php  
Variables : page=forum&section=forum&frm_id=[VulnHTTPCS]  
Type : SQLI  
Method : GET  
Solution :  
References : https://www.httpcs.com/advisory/httpcs70  
Credit : HTTPCS [Web Vulnerability Scanner]  
`