SQL Injection Vulnerability in PHP Newsfeed
Summary
- Vulnerability
- SQL Injection Vulnerability in PHP Newsfeed
- Discovered
- 2006.04.30
- Last Update
- 2006.05.10 Exploitation code published
- ID
- EV0129
- CVE
- CVE-2006-2139
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched. No reply from developer(s)
- Vendor
- n/a
- Vulnerable Software
- PHP Newsfeed (http://www.wilsonncareabusinesses.com/indexFrame.php?subpage=phpnewsfeed.php)
- Version
- 2004/07/23
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in PHP Newsfeed (http://www.wilsonncareabusinesses.com/indexFrame.php?subpage=phpnewsfeed.php) script.
SQL Injection.
Vulnerable scripts:
deltables.php
manualsubmit.php
delete.php
searchnews.php
Parameters name(deltables.php), select(manualsubmit.php), header(manualsubmit.php), url(manualsubmit.php), source(manualsubmit.php), time(manualsubmit.php), num(delete.php), tablename(searchnews.php) are not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
PoC/Exploit
SQL Injection Example.
URL: http://[host]/deltables.php?name=' [SQL expr] /*
Solution.
Solution for "SQL Injection Vulnerability in PHP Newsfeed" is not available. Check vendor's website for updates.