[SA24620] PortailPHP "idnews" SQL Injection Vulnerability

Les derniers commentaires publiés sur SecuObs (1-5):

- ESRT @devilok - Buck Security - Collection of security checks for Linux - WhatWeb v0.4 - released - SQLmap 0.8 has been Released - Video : Discovering CSRF with OWASP's CSRFTester Tool - How your email gets hacked Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA24620] PortailPHP "idnews" SQL Injection Vulnerability

Want a new job? link://[click] Secunia is looking for new researchers with a reversing background and experience in writing exploit code: link://[click] link://[click] link://[click]

TITLE: PortailPHP "idnews" SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA24620

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: Manipulation of data, Exposure of sensitive information

WHERE: From remote SOFTWARE: PortailPHP 2.x link://[click]

DESCRIPTION: xoron has discovered a vulnerability in PortailPHP, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "idnews" parameter in index.php (when "affiche" is set to "Comment" and "act" to "lire") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator password hashes.

The vulnerability is confirmed in version 2.0. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: xoron

ORIGINAL ADVISORY: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA24630] PHP "unserialize()" S: Data Type Information Leak
Suivant par Date: [SA24622] aspWebCalendar FREE "eventid" SQL Injection
Precedent par fil : [SA24630] PHP "unserialize()" S: Data Type Information Leak
Suivant par fil : [SA24622] aspWebCalendar FREE "eventid" SQL Injection
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- Sniff-n-Spit v1.0 - intercepting communications - RFID reader for iPhone - Fimap alpha v0.8 released - ESRT @Opexxx - Add IPv6 DNS Brute Forcing - Metasploit DNS Enum module - ESRT @nevdull77 - XSS demo steals password from password manager - Video : ESRT @SecurityTube - Video Internet Explorer Iepeers Pointer Exploit - ESRT @0x58 @packet_storm - Adobe PDF LibTiff Integer Overflow - Video : ESRT @TimelessP - Aurora Exploit with alternate payload passing throu - ESRT @ITVulnerability - PeerSec MatrixSSL - Embedded SSL and TLS implementati - ESRT @packet_storm - Nux Keylogger 0.0.1 - ESRT @threatpost - New capabilities are strengthening the ZeuS botnet allowin - Wireshark Display Filters cheatsheet v2.0 - tcpdump cheatsheet v2.0 - ESRT @virturity - Virtualization security assessment modules for Metasploit V - ESRT @opexxx - Meterpreter script for extracting information from Windows lnk - Update on Microsoft Security Advisory 981374 - SSD Tools Crack Passwords 100 Times Faster - phpMyAdmin version 3.3.0 suffers from a cross site scripting vulnerability - libcap-ng 0.6.3 - iScanner v0.4 released - Malicious codes scanner Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, microsoft, réseau, attaque, outil, vulnérabilité, audit, système, virus, internet, données, présentation, linux, metasploit, bluetooth, protocol, vista, réseaux, shell, scanner, engineering, rootkit, wishmaster, trames, conférence, source, paquet, téléphone, mobile, sysun, noyau, rapport, botnet, téléphones, mémoire, https, navigateur, intel, patch, reverse, libre, scapy, securitech + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA38905 Debian update for linux-2.6 - SA38927 Fedora update for cups - SA38932 Apple Safari Multiple Vulnerabilities - SA38900 Eros Webkatalog id SQL Injection Vulnerability - SA38888 Unbound Memory Alignment Denial of Service + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e). - Re: Full-disclosure FreeBSD and OpenBSD ftpd bug (not exploitable?) - Full-disclosure Vulnerability httpdx v1.5.3 - Full-disclosure PlumberCon 10 - Call for Papers - Re: Full-disclosure SecurityFocus to partially shut down + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- Zigurrat CMS SQL Injection Vulnerability - Pars CMS SQL Injection Vulnerability - Tool sqlmap 0.8 released - Vulnerability in phpAdsNew, OpenAds and OpenX - HITB-Announce HITBSecConf2010 - Dubai Agenda Released - Ananta Gazelle SQL Injection Vulnerability + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

vmware, security, virus, biometric, windows, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux, network, iphone, server, exploit, wimax, conficker, virtu, virtual, engineering, cisco, reverse, ettercap, wireshark, shmoocon, hacker, firewall, internet, knoppix, rootkit, arduino, conference, source, wireless, backtrack, openbsd, brucon, systm, overflow, openssh, buffer, access, remote + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter