My Classifieds SQL is a "Perl/CGI/MySQL script which will quickly and easily allow the hosting of a classifieds forum on a website. Users can browse the ads, but must log in with their email and password before being allowed to post an ad".
My Classifieds SQL is vulnerable to a SQL injection attack. The problem is due to improper sanitization of user input for the $email variable. A remote attacker could insert arbitrary SQL code in the $email variable. The vulnerability allows the passwords of the users to be written into a file and made world readable.
Credit:
The information has been provided by Sintelli SINTRAQ.
The original article can be found at: http://www.sintelli.com/adv/sa-2003-04-myclassified.pdf
Vulnerable Systems:
* FuzzyMonkey My Classifieds SQL version 2.11
Immune Systems:
* FuzzyMonkey My Classifieds SQL version 2.13
Exploit:
If the value of $email is aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt, the SQL request becomes:
select passmd5 from people where email=' aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt'
As a result, the passwords of the users are written into the file pass.txt.
Impact:
A malicious attacker can obtain passwords of users.
Solution:
Upgrade to version 2.13, available from: http://www.fuzzymonkey.org/files/myclassifiedssql-2.13.tar.gz
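The injectable pattern next to a bound-parameter lookup, as an added example: this is not FuzzyMonkey's code or the 2.13 patch, and the page does not say how 2.13 fixes the issue. The subroutine names are hypothetical, the vulnerable string construction is reconstructed from the query shown above, and an in-memory SQLite database (DBD::SQLite) stands in for MySQL so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for MySQL.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });

# Constructed sample row; table and column names are those in the advisory's query.
$dbh->do('CREATE TABLE people (email TEXT PRIMARY KEY, passmd5 TEXT)');
$dbh->do('INSERT INTO people (email, passmd5) VALUES (?, ?)', undef,
         'aaa@aaa.com', '0123456789abcdef0123456789abcdef');

# The $email value quoted in the advisory (q{} avoids any interpolation).
my $payload = q{aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt};

# Vulnerable pattern (hypothetical reconstruction): user input is concatenated
# into the SQL text, so a quote in $email ends the string literal early.
# The result is only printed here, never executed.
sub build_query_unsafe {
    my ($email) = @_;
    return "select passmd5 from people where email='" . $email . "'";
}

# Hardened pattern: the statement text is fixed and $email is bound as data,
# so quotes and SQL keywords inside it are compared as literal characters.
sub lookup_passmd5 {
    my ($db, $email) = @_;
    my ($passmd5) = $db->selectrow_array(
        'select passmd5 from people where email = ?', undef, $email);
    return $passmd5;    # undef when no row has exactly this email
}

print "concatenated SQL text: ", build_query_unsafe($payload), "\n";
for my $email ('aaa@aaa.com', $payload) {
    my $hash = lookup_passmd5($dbh, $email);
    printf "bound lookup for [%s]: %s\n",
        $email, defined $hash ? 'one row' : 'no row';
}
$dbh->disconnect;
```

On MySQL, SELECT ... INTO OUTFILE also requires the FILE privilege, which an application database account like this one does not need.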
Vulnerability History:
15 Oct 2003 Identified by Ezhilan of Sintelli
15 Oct 2003 Issue disclosed to FuzzyMonkey (Erin)
16 Oct 2003 Vulnerability confirmed by Erin
18 Oct 2003 Fix available
18 Oct 2003 Sintelli confirms vulnerability has been addressed
18 Oct 2003 Sintelli Public Disclosure