Flying Dog Software Powerslave 4.3 Portalmanager sql_id Information Disclosure Vulnerability

ID SSV:76939
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The problem is reported to exist in the sql_id parameter. An attacker may insert malformed SQL queries in sql_id, resulting in the software generating an error message and disclosing sensitive database information. Although unconfirmed attackers may also be able to execute arbitrary SQL commands under certain circumstances.

Successful exploitation of this vulnerability may allow an attacker to disclose sensitive information about the database that may be used to launch further attacks against a vulnerable system.

Powerslave version 4.3 is reported to be prone to this vulnerability, however other versions may be affected as well.,id,10;,nodeid,,_language,uk.html
|- ; or modified querys
and table-numbers.

Error: Could't find article!
SELECT example_table.* FROM example_table WHERE example_table.ID=10;