Helpdesk Issue Manager v0.9 SQL inj.
Vuln. dicovered by : r0t
Date: 25 nov. 2005
Orginal advisory:http://pridels.blogspot.com/2005/11/helpdesk-issue-manager-v09-sql-inj.html
Vendor:http://helpdesk.centralmanclc.com/
affected vesion:v0.9 and prior
Vuln. Description:
Input passed to the "id" parameter in "issue.php" isn't properly
sanitised before being used in a SQL query.
And parameters in "find.php" isn't properly sanitised before being
used in a SQL query.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.
examples:
/issue.php?id=[SQL]
/find.php?act=action&reset=yes&detail%5B%5D=[SQL]
/find.php?page=0&act=action&orderby=sortorder&orderdir=[SQL]
/find.php?page=0&act=action&orderby=[SQL]
Solution:
Edit the source code to ensure that input is properly sanitised.