Recent Unauthorized Data Modification vulnerabilities

Here is short summary of recent Unauthorized Data Modification vulnerabilities discovered by eVuln team. Full list with details is available on the eVuln Security Advisories page.

Unauthorized Data Modification in Advanced Poll.

Description.

Vulnerable script: include/class_poll.php

UserAgent value from header of HTTP-query is not properly sanitized before being used in SQL query. This can be used to make some SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

Vulnerable Script: include/class_poll.php

This attack would lead the coordinates to be spoofed and taken over by illegal Proxies. This is done, by checking if HTTP_X_FORWARDED_FOR exists and using this IP from HTTP_X_FORWARDED_FOR to identify unique voted person.

The attacker can send fake HTTP_X_FORWARDED_FOR values in http-headers as many as the attacker wants with different IP in HTTP_X_FORWARDED_FOR.

Exploit.

Need to be added to header of HTTP-query when answering a question:

User-Agent: '+[sql_expression]

Need to be added to header of HTTP-query when answering a question:

X-Forwarded-For: [any IP]

Solution

Solution is not available.

Other details >>

Unauthorized Data Modification in Magic Downloads.

Description.

Unauthorized Data Modification

Vulnerable script: settings.php

Variables $action $passwd $admin_password $new_passwd $confirm_passwd are not initialized and their values can be replaced by user-defined data. This can be used to make unauthorized modifications in config.php

Condition: register_globals = ON

Exploit.

Unauthorized Data Modification Example

http://host/path/settings.php?action=change&passwd=1&admin_password=1&new_passwd=new&confirm_passwd=new

Solution

Solution is not available.

Other details >>

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>