SQL Injection vulnerability in Alguest

Summary

Vulnerability: SQL Injection vulnerability in Alguest
Discovered: 2010.11.22
Last Update: n/a n/a
ID: EV0154
CVE: n/a
Risk Level: medium
Type: SQL Injection
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Alguest (http://sourceforge.net/projects/alguest/)
Version: 1.1c-patched
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

An SQL injection vulnerability was found in the Alguest (http://sourceforge.net/projects/alguest/) script.

SQL Injection
It is possible to inject an arbitrary SQL query using the start parameter in the index.php script.

The start parameter is used in the SQL query without any sanitization.

PoC/Exploit

SQL Injection Example

Vulnerable code: $query = @mysql_query("SELECT * FROM $tabella order by id asc limit $start,$rec_pagina");

SQL Injection PoC: http://website/alguest/index.php?start='

Solution

A solution for "SQL Injection vulnerability in Alguest" is not available. Check the vendor's website for updates.
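In the absence of a vendor patch, the following added example (not code from Alguest or from the advisory's author) shows one way the vulnerable paging query could be hardened. It assumes PHP with mysqli and the mysqlnd driver; $tabella, $start and $rec_pagina are the names from the vulnerable line, while clamp_int(), fetch_page(), the numeric bounds and the table allow-list are hypothetical.

```php
<?php
// Added example: hardened form of the paging query quoted in the advisory.
// clamp_int(), fetch_page() and the allow-list values are hypothetical.

/** Return $value as an int in [$min, $max], or $default if it is not a plain decimal integer. */
function clamp_int($value, int $default, int $min, int $max): int
{
    // $_GET values are strings or arrays; accept only short all-digit strings.
    if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
        return $default;   // covers "'", "1 UNION ...", "-5", "", arrays
    }
    return max($min, min($max, (int) $value));
}

function fetch_page(mysqli $db, string $tabella, $rawStart, int $rec_pagina): array
{
    // Identifiers cannot be bound as parameters, so the table name is
    // checked against a fixed allow-list (constructed value).
    $allowedTables = ['alguest'];
    if (!in_array($tabella, $allowedTables, true)) {
        throw new InvalidArgumentException('unexpected table name');
    }

    $start = clamp_int($rawStart, 0, 0, 1000000);
    $limit = max(1, min(100, $rec_pagina));

    // Both LIMIT values are bound as integers instead of being interpolated.
    $stmt = $db->prepare("SELECT * FROM `$tabella` ORDER BY id ASC LIMIT ?, ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed');
    }
    $stmt->bind_param('ii', $start, $limit);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Validation step run over constructed inputs (no database needed).
$samples = ["'", "10", "1 UNION SELECT 1", "-5", "", "99999999999", ["x"]];
foreach ($samples as $s) {
    printf("%-22s => %d\n", json_encode($s), clamp_int($s, 0, 0, 1000000));
}
```

A call such as fetch_page($db, $tabella, $_GET['start'] ?? '0', $rec_pagina) would replace the interpolated mysql_query() line; any value of start that is not a short decimal integer falls back to offset 0.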