[38943] in bugtraq
SQL injections in PortailPHP
daemon@ATHENA.MIT.EDU (CENSORED)
Mon May 23 12:44:59 2005
Date: 21 May 2005 23:09:56 -0000
Message-ID: <20050521230956.27066.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: CENSORED <censored@mail.ru>
To: bugtraq@securityfocus.com
svadvisory*5
-------------------------------------------------------------
Title: SQL injections in PortailPHP |
The program: PortailPHP v 1.3 |
Homepage: http://www.portailphp.com/ ------------
Has found: CENSORED | 14.05.05 |
-------------------------------------------------------------
The description
-------------------------------------------------------------|
Vulnerability has been found in parameter "id". If this variable
Any value it is possible to replace it with a sign ' is transferred
Since this parameter is involved in all modules, all of them
Are vulnerable.
It occurs because of absence of a filtration of parameter id.
Examples
-------------------------------------------------------------|
http://example/index.php?affiche=News&id='[SQL inj]
http://example/index.php?affiche=File&id='[SQL inj]
http://example/index.php?affiche=Liens&id='[SQL inj]
http://example/index.php?affiche=Faq&id='[SQL inj]
The conclusion
-------------------------------------------------------------|
Vulnerability is found out in version 1.3, on other versions
Did not check. Probably they too are vulnerable.
*************************************************************
CENSORED || Search Vulnerabilities Team || www.svt.nukleon.us
