Lucene search

K

EV0026.txt

🗓️ 15 Jan 2006 00:00:00Reported by Aliaksandr HartsuyeuType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 19 Views

New eVuln Advisory: TankLogger SQL Injection Vulnerability. Variables $livestock_id tank_id isn't properly sanitized before being used in a SQL query. Exploit available

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`New eVuln Advisory:  
TankLogger SQL Injection Vulnerability  
  
--------------------Summary----------------  
  
Software: TankLogger  
Sowtware's Web Site: http://tanklogger.sourceforge.net/  
Versions: 2.4  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
eVuln ID: EV0026  
  
-----------------Description---------------  
Vulnerable script:  
general_functions.php  
  
Variables $livestock_id tank_id isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
Condition: gpc_magic_quotes: off  
  
--------------Exploit----------------------  
SQL Injection Example:  
  
http://host/exp/tanklogger/showInfo.php?livestock_id=99'%20union%20select%201,2,3,4,5,6,7,8,9/*  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Original Advisory:  
http://evuln.com/vulns/26/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Jan 2006 00:00Current
7.4High risk
Vulners AI Score7.4
19
.json
Report