Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2008-44/
Vulnerable Systems:
* Interact version 2.4.1
1) Input passed to the "email_user_key" parameter in spaces/emailuser.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability allows e.g. retrieval of super administrator usernames and password hashes, but requires knowledge of the database table prefix.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. add new super administrator users by enticing a logged-in super administrator to visit a malicious web page.
Solution:
Apply the vendor's official patch for vulnerability #1:
http://sourceforge.net/tracker/index.php?func=detail&aid=2208205&group_id=69681&atid=525406
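For vulnerability #1, web server access logs can show whether spaces/emailuser.php received unexpected "email_user_key" values before the patch was applied. The following is an added example, not part of the Secunia advisory or the vendor's code; the allowlist for legitimate key values, the combined log format, and the /interact/ install path in the constructed sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter name as given in the advisory.
TARGET_PATH = "spaces/emailuser.php"
PARAM = "email_user_key"

# Assumption: legitimate keys are plain tokens. Adjust to the real key format.
EXPECTED_KEY = re.compile(r"[A-Za-z0-9_-]{1,128}")

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_keys(line):
    """Return email_user_key values in this log line that fail the allowlist."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(TARGET_PATH):
        return []
    # parse_qs percent-decodes values, so encoded quotes and spaces are seen.
    values = parse_qs(url.query).get(PARAM, [])
    return [v for v in values if not EXPECTED_KEY.fullmatch(v)]


def scan(lines):
    """Return (line_number, client_ip, value) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        for value in suspicious_keys(line):
            hits.append((n, line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges, not from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Oct/2008:10:00:01 +0000] "GET /interact/spaces/emailuser.php?email_user_key=a1b2c3d4 HTTP/1.1" 200 512',
    '198.51.100.7 - - [31/Oct/2008:10:02:13 +0000] "GET /interact/spaces/emailuser.php?email_user_key=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 498',
    '198.51.100.7 - - [31/Oct/2008:10:02:20 +0000] "GET /interact/index.php?email_user_key=x%27 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, ip, value in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent {PARAM}={value!r}")
```

Access logs record only the request line, so a value sent in a POST body is not visible to this check.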
Time Table:
24/10/2008 - Vendor notified.
28/10/2008 - Vendor response.
30/10/2008 - The vendor publishes a patch for vulnerability #1 and states that the CSRF fixes will be delayed and that the product's CSRF issues will not be fixed completely.
31/10/2008 - Public disclosure.
CVE Information:
CVE-2008-386 and
CVE-2008-3868