Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJesper JurcenoksPACKETSTORM:57214
HistoryJun 19, 2007 - 12:00 a.m.

wsportal-sql.txt

2007-06-1900:00:00
Jesper Jurcenoks
packetstormsecurity.com
21

0.004 Low

EPSS

Percentile

70.2%

JSON
`netVigilance Security Advisory #33  
WSPortal version 1.0 SQL Injection Vulnerability   
Description:  
WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the  
site or a specific ip address, private messaging system between administrators.  
Successful exploitation requires PHP magic_quotes_gpc set to Off.  
Advisory URL:   
http://www.netvigilance.com/advisory0033  
External References:   
Mitre CVE: CVE-2007-3128  
NVD NIST: CVE-2007-3128  
OSVDB: 34164  
Summary:   
WSPortal is a site management system coded in PHP/MySQL.   
A security problem in the product allows attackers to commit SQL injection.  
Release Date:  
06/17/2007  
  
Severity:  
Risk: High  
  
CVSS Metrics  
Access Vector: Remote  
Access Complexity: High  
Authentication: Not-required  
Confidentiality Impact: Complete  
Integrity Impact: Partial  
Availability Impact: Partial  
Impact Bias: Confidentiality  
CVSS Base Score: 6.8  
  
Target Distribution on Internet: Low  
  
Exploitability: Functional Exploit  
Remediation Level: Workaround  
Report Confidence: Uncorroborated  
  
Vulnerability Impact: Attack  
Host Impact: SQL Injection.  
SecureScout Testcase ID:  
TC 17963  
Vulnerable Systems:  
WSPortal version 1.0  
Vulnerability Type:  
SQL injection allows malicious people to execute their own SQL scripts. This could be exploited to obtain sensitive data, modify database contents,  
sending anonymous emails to other recipients or acquire administrator's privileges.  
Vendor:  
Chris Harvey  
Vendor Status:  
The Vendor has been notified several times on many different email addresses last on 6 June 2007. The Vendor has not responded. There is no official fix  
at the release of this Security Advisory.  
Workaround:  
In the php.ini file set magic_quotes_gpc = On.  
Example:   
REQUEST:  
http://[TARGET]/[WSPORTAL-DIRECTORY]/content.php?page=0' UNION SELECT `username`,`password` FROM `users` WHERE '1  
REPLY:  
<legend><b><font color="#FF0000"> [SQL INJECTION RESULT: ADMIN NAME] </font></b>  
</legend> [SQL INJECTION RESULT: ADMIN PASSWORD] </fieldset></font>  
Credits:   
Jesper Jurcenoks  
Co-founder netVigilance, Inc  
www.netvigilance.com  
  
`

Related

securityvulns 3
cve 1
prion 1
securityvulns
securityvulns
[Full-disclosure] WSPortal version 1.0 SQL Injection Vulnerability
2007-06-18 00:00:00
Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities
2007-06-26 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-06-18 00:00:00
cve
cve
CVE-2007-3128
2007-06-19 17:30:00
prion
prion
Sql injection
2007-06-19 17:30:00

0.004 Low

EPSS

Percentile

70.2%

JSON
Related for PACKETSTORM:57214
securityvulns3cve1prion1