SQL Injection Vulnerability in vCounter

Summary

Vulnerability
SQL Injection Vulnerability in vCounter
Discovered
2006.03.28
Last Update
2006.04.07 Exploitation code published
ID
EV0108
CVE
CVE-2006-1499
Risk Level
low
Type
SQL Injection
Status
Unpatched. Vendor notyfied.
Vendor
n/a
Vulnerable Software
vCounter (http://www.sourceworkshop.com/)
Version
1.0
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in vCounter (http://www.sourceworkshop.com/) script.

Vulnerable script: vCounter.php

Variable $_SERVER[REQUEST_URI] is not properly sanitized before being used in 'INSERT' SQL query. This can be used to evaluate arbitrary SQL expression.

Condition: magic_quotes_gpc = off

PoC/Exploit

SQL Injection Example:

http://[host]/example_page.php?zzz'+benchmark(999999,md5(123))+'zzz

Solution.

Solution for "SQL Injection Vulnerability in vCounter" is not available. Check vendor's website for updates.