SQL Injection Vulnerability in PHP Newsfeed

Summary

Vulnerability
SQL Injection Vulnerability in PHP Newsfeed
Discovered
2006.04.30
Last Update
2006.05.10 Exploitation code published
ID
EV0129
CVE
CVE-2006-2139
Risk Level
medium
Type
SQL Injection
Status
Unpatched. No reply from developer(s)
Vendor
n/a
Vulnerable Software
PHP Newsfeed (http://www.wilsonncareabusinesses.com/indexFrame.php?subpage=phpnewsfeed.php)
Version
2004/07/23
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in PHP Newsfeed (http://www.wilsonncareabusinesses.com/indexFrame.php?subpage=phpnewsfeed.php) script.

SQL Injection.

Vulnerable scripts:
deltables.php
manualsubmit.php
delete.php
searchnews.php

Parameters name(deltables.php), select(manualsubmit.php), header(manualsubmit.php), url(manualsubmit.php), source(manualsubmit.php), time(manualsubmit.php), num(delete.php), tablename(searchnews.php) are not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

PoC/Exploit

SQL Injection Example.

URL: http://[host]/deltables.php?name=' [SQL expr] /*

Solution.

Solution for "SQL Injection Vulnerability in PHP Newsfeed" is not available. Check vendor's website for updates.