[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050521230956.27066.qmail@www.securityfocus.com>
Date: 21 May 2005 23:09:56 -0000
From: CENSORED <censored@...l.ru>
To: bugtraq@...urityfocus.com
Subject: SQL injections in PortailPHP
svadvisory*5
-------------------------------------------------------------
Title: SQL injections in PortailPHP |
The program: PortailPHP v 1.3 |
Homepage: http://www.portailphp.com/ ------------
Has found: CENSORED | 14.05.05 |
-------------------------------------------------------------
The description
-------------------------------------------------------------|
Vulnerability has been found in parameter "id". If this variable
Any value it is possible to replace it with a sign ' is transferred
Since this parameter is involved in all modules, all of them
Are vulnerable.
It occurs because of absence of a filtration of parameter id.
Examples
-------------------------------------------------------------|
http://example/index.php?affiche=News&id='[SQL inj]
http://example/index.php?affiche=File&id='[SQL inj]
http://example/index.php?affiche=Liens&id='[SQL inj]
http://example/index.php?affiche=Faq&id='[SQL inj]
The conclusion
-------------------------------------------------------------|
Vulnerability is found out in version 1.3, on other versions
Did not check. Probably they too are vulnerable.
*************************************************************
CENSORED || Search Vulnerabilities Team || www.svt.nukleon.us
Powered by blists - more mailing lists