Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10360
HistoryNov 25, 2005 - 12:00 a.m.

Helpdesk Issue Manager v0.9 SQL inj.

2005-11-2500:00:00
vulners.com
9

Helpdesk Issue Manager v0.9 SQL inj.
Vuln. dicovered by : r0t
Date: 25 nov. 2005
Orginal advisory:http://pridels.blogspot.com/2005/11/helpdesk-issue-manager-v09-sql-inj.html
Vendor:http://helpdesk.centralmanclc.com/
affected vesion:v0.9 and prior

Vuln. Description:
Input passed to the "id" parameter in "issue.php" isn't properly
sanitised before being used in a SQL query.
And parameters in "find.php" isn't properly sanitised before being
used in a SQL query.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

examples:
/issue.php?id=[SQL]
/find.php?act=action&reset=yes&detail%5B%5D=[SQL]
/find.php?page=0&act=action&orderby=sortorder&orderdir=[SQL]
/find.php?page=0&act=action&orderby=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.