PHP Downloadcounter for Wallpapers SQL Injection
Summary
- Vulnerability
- PHP Downloadcounter for Wallpapers SQL Injection
- Discovered
- 2006.03.17
- Last Update
- 2006.03.27 Exploitation code published
- ID
- EV0105
- CVE
- CVE-2006-1328
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched. No reply from developer(s)
- Vendor
- n/a
- Vulnerable Software
- Skull-Splitter's PHP Downloadcounter for Wallpapers (http://www.boysen.be/en/index.php?part=scripts_dlcw)
- Version
- 1.0
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in Skull-Splitter's PHP Downloadcounter for Wallpapers (http://www.boysen.be/en/index.php?part=scripts_dlcw) script.
Vulnerable script: count.php
Parameters count_fieldname, url_fieldname, url are not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
PoC/Exploit
SQL Injection Example:
http://[host]/sscounter/count.php?count_fieldname=id&url_fieldname=if(0,1,benchmark(999999,md5(char(1,2,3))))/*
Solution.
Solution for "PHP Downloadcounter for Wallpapers SQL Injection" is not available. Check vendor's website for updates.