66 lines
No EOL
1.2 KiB
Text
66 lines
No EOL
1.2 KiB
Text
phpCheckZ 1.1.0 Blind SQL Injection Vulnerability
|
|
|
|
Name phpCheckZ
|
|
Vendor http://www.phpcheckz.com
|
|
Versions Affected 1.1.0
|
|
|
|
Author Salvatore Fresta aka Drosophila
|
|
Website http://www.salvatorefresta.net
|
|
Contact salvatorefresta [at] gmail [dot] com
|
|
Date 2010-10-19
|
|
|
|
X. INDEX
|
|
|
|
I. ABOUT THE APPLICATION
|
|
II. DESCRIPTION
|
|
III. ANALYSIS
|
|
IV. SAMPLE CODE
|
|
V. FIX
|
|
|
|
|
|
I. ABOUT THE APPLICATION
|
|
________________________
|
|
|
|
phpCheckZ is a web application that allows you to easily
|
|
create checklists for your website.
|
|
|
|
|
|
II. DESCRIPTION
|
|
_______________
|
|
|
|
A parameter is not properly sanitised before being used
|
|
in a SQL query.
|
|
|
|
|
|
III. ANALYSIS
|
|
_____________
|
|
|
|
Summary:
|
|
|
|
A) Blind SQL Injection
|
|
|
|
|
|
A) Blind SQL Injection
|
|
______________________
|
|
|
|
The parameters id in chart.php is not properly sanitised
|
|
before being used in a SQL query. This can be exploited
|
|
to manipulate SQL queries by injecting arbitrary SQL code.
|
|
|
|
Successful exploitation requires that "magic_quotes_gpc"
|
|
is disabled.
|
|
|
|
|
|
IV. SAMPLE CODE
|
|
_______________
|
|
|
|
A) Blind SQL Injection
|
|
|
|
http://site/path/chart.php?id=1' AND '1'='1
|
|
http://site/path/chart.php?id=1' AND '1'='0
|
|
|
|
|
|
V. FIX
|
|
______
|
|
|
|
No fix. |