{"lastseen": "2017-11-19T14:39:46", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "poc", "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "href": "https://www.seebug.org/vuldb/ssvid-67155", "references": [], "enchantments_done": [], "id": "SSV:67155", "title": "Digital Scribe 1.4.1 - Multiple SQL Injection Vulnerabilities", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 12, "sourceData": "\n Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities\r\n\r\n Name Digital Scribe\r\n Vendor http://www.digital-scribe.org\r\n Versions Affected 1.4.1\r\n\r\n Author Salvatore Fresta aka Drosophila\r\n Website http://www.salvatorefresta.net\r\n Contact salvatorefresta [at] gmail [dot] com\r\n Date 2009-12-11\r\n\r\nX. INDEX\r\n\r\n I. ABOUT THE APPLICATION\r\n II. DESCRIPTION\r\n III. ANALYSIS\r\n IV. SAMPLE CODE\r\n V. FIX\r\n VI. DISCLOSURE TIMELINE\r\n\r\n\r\nI. ABOUT THE APPLICATION\r\n\r\nThe Digital Scribe is a free, intuitive system designed to\r\nhelp teachers put student work and homework assignments\r\nonline.\r\n\r\n\r\nII. DESCRIPTION\r\n\r\nThis application is affected by many SQL Injection\r\nsecurity flaws. In order to exploit they, the Magic Quotes\r\nGPG (php.ini) must be Off except one.\r\nI tested 1.4.1 version only, however other versions may be\r\nalso vulnerable.\r\n\r\n\r\nIII. ANALYSIS\r\n\r\nSummary:\r\n\r\n A) Multiple SQL Injection\r\n\r\nA) Multiple SQL Injection\r\n\r\nMultiple SQL Injection issues has been found in Digital\r\nScribe version 1.4.1 and no authentication is required\r\nin order to exploit these vulnerabilities.\r\nThe most issues required the Magic Quotes GPG setted to\r\noff except one (stuworkdisplay.php).\r\nFor semplicity I reported only this last one vulnerable\r\ncode.\r\n\r\nVulnerable code:\r\n\r\n........\r\n\r\n $show = mysql_query("SELECT * FROM ".$conf['tbl']['projecttable']."\r\nWHERE(ID=$HTTP_GET_VARS[ID])");\r\n\r\n........\r\n\r\n\r\nIV. SAMPLE CODE\r\n\r\nhttp://site/path/stuworkdisplay.php?ID=-1) UNION ALL SELECT\r\nversion(),user(),3,4,5,6,7,8,9,10,11%23\r\n\r\n\r\nV. FIX\r\n\r\n$id = intval($_GET['ID']);\r\n$show = mysql_query("SELECT * FROM ".$conf['tbl']['projecttable']."\r\nWHERE(ID=$id)");\r\n\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n2009-12-11 Bug discovered\r\n2009-12-11 Initial vendor contact\r\n2009-12-11 Advisory Release\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-67155", "type": "seebug", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645557827, "score": 1659785532, "epss": 1678848988}}
Digital Scribe 1.4.1 - Multiple SQL Injection Vulnerabilities