[UNIX] AutoRank PHP SQL Injection Vulnerabilities

From: SecuriTeam (support_at_securiteam.com)
Date: 12/22/03

  • Next message: SecuriTeam: "[UNIX] osCommerce Malformed Session ID XSS" 
    To: list@securiteam.com
Date: 22 Dec 2003 13:58:01 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      AutoRank PHP SQL Injection Vulnerabilities
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.jmbsoft.com/software/arphp/> AutoRank PHP is "our next
    generation toplist software, written completely in PHP and backed by a
    MySQL database". AutoRank PHP is vulnerable to SQL Injection attacks.

    DETAILS

    Vulnerable systems:
     * AutoRank PHP version 2.0.4

    The vulnerabilities can be exploited by injecting SQL queries into the
    user & password fields when editing an account, the email field when
    requesting a lost password and the username field when registering an
    account. If a malicious attacker logs in with the username and password
    '-- he will automatically be given access to the first account cataloged
    in the database. He can then view the HTML source code to view that user's
    password in plain text. This also leaves the database being used by
    AutoRank PHP open for attack. The affected file is accounts.php.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:security@gulftech.org>
    JeiAr.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] osCommerce Malformed Session ID XSS"

    Relevant Pages

    • [REVS] Acoustic Cryptanalysis: On Nosy People and Noisy Machines
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... emitted by a computer's CPU. ... systems is side-channel attacks: ... desktop and laptop computers, and in all cases it was possible to ...
      (Securiteam)
    • Re: [Full-disclosure] Web Honeynet Project: announcement, exploit URLs this Wednesday
      ... The newly formed Web Honeynet Project from SecuriTeam and the ISOTF will ... in the next few months announce research on real-world web server attacks ... cross-platform (for web servers) and currently exploited in the wild. ... The Web Honeynet Project will, for now, not deal with the regular SQL ...
      (Full-Disclosure)
    • [NT] Blank Administrator Password on OEM Windows XP Installation
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Use of this account will allow anyone with physical ... * DELL Laptops with pre installed Microsoft Windows XP Professional SP2 ... is prompted to create a regular user account for general use. ...
      (Securiteam)
    • [NEWS] Dedicated Mobile Services Carry Out Anonymous Web Attacks
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... to anonymously browse web resources and execute attacks against them. ... An attacker can take advantage of the Google's WMLProxy Service by sending ... a HTTP GET request with carefully modified URL of a malicious nature. ...
      (Securiteam)
    • [REVS] IPv6 Address Cookies
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... IPv6 Address Cookies ... Internet is a serious problem. ... utilize the large IPv6 address space to mitigate spoofed attacks. ...
      (Securiteam)