[UNIX] SQL Injection Vulnerability in FuzzyMonkey My Classifieds SQL
From: SecuriTeam (support_at_securiteam.com)
Date: 10/22/03
To: list@securiteam.com Date: 22 Oct 2003 11:07:57 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
SQL Injection Vulnerability in FuzzyMonkey My Classifieds SQL
------------------------------------------------------------------------
SUMMARY
<http://fuzzymonkey.org/newfuzzy/software/perl/classifieds/readme.html>
My Classifieds SQL is a "Perl/CGI/MySQL script which will quickly and
easily allow the hosting of a classifieds forum on a website. Users can
browse the ads, but must log in with their email and password before being
allowed to post an ad".
My Classifieds SQL is vulnerable to a SQL injection attack. The problem is
due to improper sanitization of user input for the $email variable. A
remote attacker could insert arbitrary SQL code in the $email variable. The
vulnerability allows the passwords of the users to be written into a file
and made world readable.
DETAILS
Vulnerable Systems:
* FuzzyMonkey My Classifieds SQL version 2.11
Immune Systems:
* FuzzyMonkey My Classifieds SQL version 2.13
Exploit:
If the value of $email is
    aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt
the SQL request becomes:
    select passmd5 from people where email='aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt'
This results in the passwords of the users being written into the file
pass.txt.
Impact:
A malicious attacker can obtain passwords of users.
Solution:
Upgrade to version 2.13, available from:
http://www.fuzzymonkey.org/files/myclassifiedssql-2.13.tar.gz
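The query from the Exploit section, built the vulnerable way and then with a bound parameter, as an added example (not the FuzzyMonkey code and not necessarily how version 2.13 fixes it). Assumptions: Python with an in-memory SQLite table stands in for the Perl/MySQL script, the rows are constructed sample data, and the function names are hypothetical; only the table and column names come from the advisory's query.

```python
import re
import sqlite3

# The $email value quoted in the advisory, unchanged.
PAYLOAD = "aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt"

# Assumed address shape for illustration; a pre-filter, not the primary defence.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def make_db():
    """Build a constructed 'people' table with two sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (email TEXT PRIMARY KEY, passmd5 TEXT)")
    db.executemany(
        "INSERT INTO people VALUES (?, ?)",
        [("alice@example.com", "0" * 32), ("bob@example.com", "1" * 32)],
    )
    return db


def build_query_unsafe(email):
    """Vulnerable pattern: the value is pasted into the SQL text, so a quote
    inside it closes the string literal and the rest is parsed as SQL."""
    return "select passmd5 from people where email='%s'" % email


def is_plausible_email(email):
    """Reject input that is not shaped like an address (quotes, spaces, ...)."""
    return EMAIL_RE.fullmatch(email) is not None


def lookup_bound(db, email):
    """Hardened pattern: the SQL text is fixed and the value is bound as data,
    so the whole input is compared against the email column as one string."""
    row = db.execute(
        "SELECT passmd5 FROM people WHERE email = ?", (email,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe(PAYLOAD))             # the statement shown in the advisory
    print(is_plausible_email(PAYLOAD))             # False
    print(lookup_bound(db, PAYLOAD))               # None: no user has that address
    print(lookup_bound(db, "alice@example.com"))   # the stored hash
```

On MySQL, INTO OUTFILE also requires the FILE privilege, so the database account used by a web application should not hold it.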
Vulnerability History:
15 Oct 2003 Identified by Ezhilan of Sintelli
15 Oct 2003 Issue disclosed to FuzzyMonkey (Erin)
16 Oct 2003 Vulnerability confirmed by Erin
18 Oct 2003 Fix available
18 Oct 2003 Sintelli confirms vulnerability has been addressed
18 Oct 2003 Sintelli Public Disclosure
ADDITIONAL INFORMATION
The information has been provided by Sintelli SINTRAQ
<mailto:sintraq at sintelli.com>.
The original article can be found at:
http://www.sintelli.com/adv/sa-2003-04-myclassified.pdf
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.