pdjk-support suite SQL injection

Vuln. discovered by: r0t
Date: 25 Nov. 2005
Original advisory: http://pridels.blogspot.com/2005/11/pdjk-support-suite-sql-inj.html
Vendor: http://support.pdjkeelan.com/
Affected version: 1.1a retail edition and prior.
Product Description: The pdjk-support suite is a full suite of online technical support segments. These segments include:
- News - The ability to add news to the front page of your support suite and allow users to comment on the news articles.
- FAQs - Sorted into categories, sub-categories, most viewed, newest entries etc. Users can also submit FAQs for administration approval, and FAQs can also be commented on, similar to the news commenting system. Admins can also include HTML in their FAQs.
- Support - This allows users to submit support tickets so that an administrator can respond with the help they need; the support ticket can be opened/closed by both the admin and the user. Admins can also include HTML in their entries. Custom fields in the support tickets. E-mail notification about support tickets for admins, for individual departments or all departments.
- Administration Panel - A very easy to use but in-depth admin panel featuring administration for all of the features in the support suite.
Other sections include:
- Search
- Dynamic ranks
- Dynamic Departments
- Template Creator
- In-depth logging system
- Easy-to-use installer
Vuln. Description: Input passed to the "rowstart", "news_id" and "faq_id" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Example:
/index.php?page=home&order=&orderby=&rowstart=[SQL]
/index.php?page=news&subsection=viewcomments&news_id=[SQL]
/index.php?page=faq&subsection=viewfaq&faq_id=[SQL]
Edit the source code to ensure that input is properly sanitised.
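One way to apply that fix to "news_id" and "rowstart" (the same check fits "faq_id"), as an added example that is not code from the advisory or from pdjk-support suite: each value is validated as a non-negative integer and then reaches SQL only through a bound parameter. The table, column and function names are assumptions, and the sample data and requests are constructed.

```php
<?php
// Added example. Table, column and function names are hypothetical;
// this is not pdjk-support suite source code.

/** Return the named parameter as a non-negative int, or null if absent or malformed. */
function int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as news_id[]=1
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $value === false ? null : $value;
}

/** Fetch one page of comments; both request values reach SQL only as bound integers. */
function fetch_news_comments(PDO $db, array $query): array
{
    $query += ['rowstart' => '0']; // paging offset defaults to the first row
    $newsId = int_param($query, 'news_id');
    $rowStart = int_param($query, 'rowstart');
    if ($newsId === null || $rowStart === null) {
        throw new InvalidArgumentException('news_id and rowstart must be non-negative integers');
    }
    $stmt = $db->prepare(
        'SELECT id, body FROM news_comments
         WHERE news_id = :news_id ORDER BY id LIMIT 10 OFFSET :rowstart'
    );
    $stmt->bindValue(':news_id', $newsId, PDO::PARAM_INT);
    $stmt->bindValue(':rowstart', $rowStart, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data and requests, using an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news_comments (id INTEGER PRIMARY KEY, news_id INTEGER, body TEXT)');
$db->exec("INSERT INTO news_comments (news_id, body) VALUES (1, 'first'), (1, 'second'), (2, 'other')");
$requests = [
    ['news_id' => '1', 'rowstart' => '1'], // well-formed: returns the second comment
    ['news_id' => '1 abc'],                // malformed: rejected before any query runs
];
foreach ($requests as $request) {
    try {
        echo json_encode(fetch_news_comments($db, $request)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```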