Web Application Security Advisories / Exploits - SQL Injections
September 15th, 2008
Here is a round up of the interesting SQL injections that were reported today. If you run any of these make sure you update. If you don’t run any of these then you lucked out this time, but there is still time for more to be reported today.
phsBlog “sql_cid” SQL Injection Vulnerability
http://secunia.com/Advisories/31815/
http://www.phsdev.com/phsblog.php
phsBlog is a well liked script on hot scripts. Too bad they didn’t properly sanitize all of their inputs properly. This one could potentially leave a lot of people with holes in their blog.
PSCRIPT Forum “showprofil.php” SQL Injection Vulnerability
http://secunia.com/Advisories/31872/
http://www.frsirt.com/english/advisories/2008/2559
http://milw0rm.com/exploits/6442
Reported under different names on frsirt and secunia, but essentially the same attack or exploit. This issue is caused by an validation of input error in the “showprofil.php” script when the “id” parameter is processed. We all know what happens next with SQL injections. Reported on milw0rm.
vbLOGIX Tutorials SQL Exploit
http://www.frsirt.com/english/advisories/2008/2563
http://secunia.com/Advisories/31829/
Product: http://www.vblogix.com/
There are so many open source “Tutorials” scripts out there that it seems silly to pay for one. vbLOGIX does have one you can pay for, and it just so happens that they now have a SQL injection. It does not disclose what information can be accessed via the SQL injection, but it could be anything, logins and passwords being the most dangerous or manipulations of data being minor (depending on your business).
Ruby on Rails “:limit” and “:offset” SQL Injection Vulnerabilities
http://www.frsirt.com/english/advisories/2008/2562
http://secunia.com/Advisories/31910/
Two vulnerabilities have been identified in Ruby on Rails, which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in ActiveRecord when processing the “:limit” and “:offset” parameters, which could be exploited by malicious people to conduct SQL injection attacks.
WebPortal “aid” Parameter Remote SQL Injection Vulnerability
http://www.frsirt.com/english/advisories/2008/2560
Summary: “download.php” script when processing the “aid” parameter
I don’t exactly know why this “WebPortal” is listed as a vulnerability. There is no additional information as to who makes this product. WebPortals are pretty common on the web these days and think that this advisory should be more specific. Props to StAkeR for finding it though.
iBoutique “cat” Parameter Remote SQL Injection Vulnerability
http://www.frsirt.com/english/advisories/2008/2561
http://www.netartmedia.net/iboutique/
iBoutique is an online “boutique” store, so naturally this should be given some credit. This one needs to be updated if you run it.
Vulnerability: A vulnerability has been identified in iBoutique, which could be exploited by attackers to manipulate and inject SQL queries. This issue is caused by an input validation error in the “index.php” script when processing the “cat” parameter while “mod” is set to “products”, which could be exploited by malicious people to conduct SQL injection attacks and gain knowledge of sensitive information.
Entry Filed under: Virus/Worms, Web Application Security
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed