cSupport "pg" SQL inj.

2005-11-25T00:00:00
ID SECURITYVULNS:DOC:10354
Type securityvulns
Reporter Securityvulns
Modified 2005-11-25T00:00:00

Description

cSupport "pg" SQL inj.
Vuln. discovered by: r0t
Date: 25 Nov. 2005
Original advisory: http://pridels.blogspot.com/2005/11/csupport-pg-sql-inj.html
Vendor: www.forperfect.com
Product link: http://www.forperfect.com/csupport/
Affected version: 1.0 and prior

Vuln. Description: Input passed to the "pg" parameter in "tickets.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Examples:
/csupport/tickets.php?param=dept&dirc=&pg=[SQL]
/csupport/tickets.php?param=dept&dirc=ASC&pg=[SQL]
/csupport/tickets.php?param=dept&dirc=DESC&pg=[SQL]
/csupport/tickets.php?param=name&dirc=&pg=[SQL]
/csupport/tickets.php?param=subject&dirc=ASC&pg=[SQL]
/csupport/tickets.php?param=timestamp&dirc=DESC&pg=[SQL]
/csupport/tickets.php?param=id&dirc=ASC&pg=[SQL]

Solution: Edit the source code to ensure that input is properly sanitised.
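
One way to apply the fix described under Solution, as an added example that is not cSupport's code and not part of the original advisory. It assumes "pg" is a page number feeding LIMIT/OFFSET and that "param" and "dirc" select the sort column and direction; the table, columns, page size and function names are hypothetical, and the demo rows are constructed.

```php
<?php
// Added example, not cSupport source. Assumed: "pg" is a page number used for
// LIMIT/OFFSET, "param"/"dirc" pick ORDER BY; table and columns are hypothetical.
const PAGE_SIZE = 20;
const SORT_COLUMNS = ['id', 'dept', 'name', 'subject', 'timestamp'];

/** Accept only a plain positive integer; anything else becomes page 1. */
function parse_page($raw): int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100000]]);
    return $page === false ? 1 : $page;
}

function list_tickets(PDO $db, array $get): array
{
    $page = parse_page($get['pg'] ?? null);

    // Identifiers and keywords cannot be bound as parameters, so they are
    // chosen from fixed allowlists instead of being copied from the request.
    $param = $get['param'] ?? '';
    $col = in_array($param, SORT_COLUMNS, true) ? $param : 'id';
    $dirc = $get['dirc'] ?? '';
    $dir = (is_string($dirc) && strtoupper($dirc) === 'DESC') ? 'DESC' : 'ASC';

    // The numeric values are bound as integers and never concatenated.
    $stmt = $db->prepare(
        "SELECT id, subject FROM tickets ORDER BY $col $dir LIMIT :lim OFFSET :off");
    $stmt->bindValue(':lim', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PAGE_SIZE, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, dept TEXT, name TEXT,
           subject TEXT, timestamp INTEGER)');
$db->exec("INSERT INTO tickets (dept, name, subject, timestamp)
           VALUES ('sales', 'a', 'first', 1), ('it', 'b', 'second', 2)");

// A constructed non-integer "pg" falls back to page 1 and never reaches the SQL.
$rows = list_tickets($db, ['param' => 'subject', 'dirc' => 'DESC', 'pg' => '1x']);
printf("%d rows, first subject: %s\n", count($rows), $rows[0]['subject']);
```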