lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200310201956.09359.aviram@beyondsecurity.com>
Date: Mon, 20 Oct 2003 19:56:09 +0200
From: Aviram Jenik <aviram@...ondsecurity.com>
To: bugtraq@...urityfocus.com
Subject: Multiple SQL Injection Vulnerabilities in DeskPRO


Multiple SQL Injection Vulnerabilities in DeskPRO
-------------------------------------------------------------------------

Article reference: 
http://www.securiteam.com/unixfocus/6R0052K8KM.html

SUMMARY

DeskPRO (http://www.deskpro.com) is "an integrated script to manage your 
customer sales and support". The DeskPRO product uses a SQL engine (MySQL) to 
store information.
The product contains multiple pages that do not adequately filter our user 
provided data, allowing a remote attacker to insert malicious SQL statements 
into existing ones.


DETAILS

Vulnerable systems:
  * DeskPRO version 1.1.0 and prior

Immune systems:
  * DeskPRO version 1.1.2
 
 Examples:
 http://vulsite.com/deskpro_v1/faq.php?cat=45'
 http://vulsite.com/deskpro_v1/faq.php?article=105'
 http://vulsite.com/deskpro_v1/view.php?ticketid=1'&ticket_pass=
 
The vulnerability is better emphasized by the fact that a remote attacker can 
logon into the system with the administrator username without knowing the 
password by entering the following information in the logon screen:
 
 Email: admin
 Password: 'or''='
 
 Vendor response:
On the 21st of Sep 2003 this issue was reported to DeskPRO, the following 
reply was received on the same day:
"Thank you for the notification, we will have a fix within 24 hours. We 
appreciate keeping the information out of the public domain until we have had 
time to fix and release a patch."
 
 On the 2nd of Oct 2003 after the majority of their customers patched the 
issue, we have decided to release this advisory.
 

The information has been provided by SecurITeam Experts 
<expert@...uriteam.com>. 

-- 
Aviram Jenik
Beyond Security Ltd.
http://www.BeyondSecurity.com
http://www.SecuriTeam.com

Know that you're safe:
http://www.AutomatedScanning.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ