Vulners
Lucene search
geoauctionsSQL.txt
`------=_Part_10286_255599.1153211407989
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Be kind to publish it quickly,
Regards,
Angel Team
[NewAngels Advisory #12] GeoAuctions Enterprise & Others - Blind SQL
Injection Vulnerability
============================================================================================
Vendor => http://www.geodesicsolutions.com/
Date:
Jul 15 2006
Risk = HIGH
Version:
1.0.6
Credit:
=======
NewAngels Team (newangels-team.eu) - Discovered By LBDT
Description:
GeoAuctions Enterprise is our flagship auctions software product. Html
template based, endless auctions, Standard auctions,
Dutch auctions, Feedback rating system, Fees before and after the auction,
Buy Now, Site Balance system, Invoicing system,
and much, much, more... This auction software is designed for the serious
auction site owner.
Affected file:
index.php
Blind SQL Injection in "d" parameter. If there're no acumulative feedbacks
sql injection won't be possible...
Part of /classes/browse_display_auction.php:
$this->sql_query = "select * from ".$this->user_groups_price_plans_table."
where id = ".$show->SELLER;
$seller_group_result = $db->Execute($this->sql_query);
.
.
.
.
$template = str_replace("<<FEEDBACK_LINK>>",
"<a
href=".$this->configuration_data->AUCTIONS_FILE_NAME."?a=1030&b=".$id."&d=".$show->SELLER.
"
class=display_auction_value>".stripslashes(urldecode($this->messages[102717]))."</a>",$template);
Example:
http://www.site.com/GeoAuctionsEnterprise/index.php?a=1030&b=~ID_NUMBER~&d=~SELLER~
If it says "There are no current feedbacks" injection doesn't exist... But
if there're feedbacks:
http://www.site.com/GeoAuctionsEnterprise/index.php?a=1030&b=~ID_NUMBER~&d=[SQL]
Google search -> inurl:"index.php?a=1002"
I also have seen the same one in other company softwares but with other
parameters, eg:
Soft -> GeoAuctions Premier v2.0.3 & GeoClassifieds Basic Version v2.0.3
http://www.site.com/GeoAuctions/index.php?a=2&b=[SQL]
Google search -> inurl:"index.php?a=2"
I think that the vendor must check out all his packs. because the most of
'em have this vuln.
------=_Part_10286_255599.1153211407989
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Be kind to publish it quickly,<br><br>Regards,<br><br>Angel Team<br><br>[NewAngels Advisory #12] GeoAuctions Enterprise & Others - Blind SQL Injection Vulnerability<br>============================================================================================
<br><br>Vendor => <a href="http://www.geodesicsolutions.com/">http://www.geodesicsolutions.com/</a><br><br>Date:<br>Jul 15 2006<br><br>Risk = HIGH<br><br>Version:<br>1.0.6<br><br>Credit:<br>=======<br>NewAngels Team (newangels-team.eu
) - Discovered By LBDT<br><br>Description:<br>GeoAuctions Enterprise is our flagship auctions software product. Html template based, endless auctions, Standard auctions, <br>Dutch auctions, Feedback rating system, Fees before and after the auction, Buy Now, Site Balance system, Invoicing system,
<br>and much, much, more... This auction software is designed for the serious auction site owner.<br><br>Affected file:<br>index.php<br><br>Blind SQL Injection in "d" parameter. If there're no acumulative feedbacks sql injection won't be possible...
<br><br>Part of /classes/browse_display_auction.php:<br><br>$this->sql_query = "select * from ".$this->user_groups_price_plans_table." where id = ".$show->SELLER;<br>$seller_group_result = $db->Execute($this->sql_query);
<br>.<br>.<br>.<br>.<br>$template = str_replace("<<FEEDBACK_LINK>>",<br>"<a href=".$this->configuration_data->AUCTIONS_FILE_NAME."?a=1030&b=".$id."&d=".$show->SELLER.
<br>" class=display_auction_value>".stripslashes(urldecode($this->messages[102717]))."</a>",$template);<br><br>Example:<br><a href="http://www.site.com/GeoAuctionsEnterprise/index.php?a=1030&b=~ID_NUMBER~&d=~SELLER~">
http://www.site.com/GeoAuctionsEnterprise/index.php?a=1030&b=~ID_NUMBER~&d=~SELLER~</a><br><br>If it says "There are no current feedbacks" injection doesn't exist... But if there're feedbacks:<br><br><a href="http://www.site.com/GeoAuctionsEnterprise/index.php?a=1030&b=~ID_NUMBER~&d=[SQL]">
http://www.site.com/GeoAuctionsEnterprise/index.php?a=1030&b=~ID_NUMBER~&d=[SQL]</a><br><br>Google search -> inurl:"index.php?a=1002"<br><br>I also have seen the same one in other company softwares but with other parameters, eg:
<br><br>Soft -> GeoAuctions Premier v2.0.3 & GeoClassifieds Basic Version v2.0.3<br><br><a href="http://www.site.com/GeoAuctions/index.php?a=2&b=[SQL]">http://www.site.com/GeoAuctions/index.php?a=2&b=[SQL]</a>
<br><br>Google search -> inurl:"index.php?a=2"<br><br>I think that the vendor must check out all his packs. because the most of 'em have this vuln.<br>
------=_Part_10286_255599.1153211407989--
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Jul 2006 00:00Current
7.4High risk
Vulners AI Score7.4