[08/12/2006]

Secunia Advisory: SA23076  
Release Date: 2006-12-06

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: iWare Professional 5.x

Description:
Telspace Systems Research Team have discovered a vulnerability in iWare Professional, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "D" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows retrieval of usernames and password hashes, but requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 5.0.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Set "magic_quotes_gpc" in php.ini to On.
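
The source-code fix above, sketched as an added example (not iWare code and not part of the original advisory): the concatenated query pattern beside a validated, parameterised one. The `documents` table, its columns, the function names, and the assumptions that "D" is a numeric id used in a quoted context are all hypothetical, since the advisory does not show the real query. Binding parameters does not depend on "magic_quotes_gpc", which was removed in PHP 5.4.

```php
<?php
// Added example, not iWare code. Table, columns and function names are hypothetical.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO documents (id, title) VALUES (1, 'Home'), (2, 'Contact')");
    return $db;
}

// Vulnerable pattern the advisory describes: request input concatenated into
// the SQL text, so a quote in the value changes the structure of the query.
function fetch_document_unsafe(PDO $db, string $d): array
{
    return $db->query("SELECT id, title FROM documents WHERE id = '$d'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the type first (assumes "D" is a numeric id), then
// bind the value as a parameter so it is never parsed as SQL.
function fetch_document_safe(PDO $db, string $d): array
{
    $id = filter_var($d, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];  // reject malformed input instead of trying to clean it up
    }
    $stmt = $db->prepare('SELECT id, title FROM documents WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_demo_db();

// Constructed inputs standing in for $_GET['D'].
$inputs = ['2', "2' OR '1'='1", 'abc'];
foreach ($inputs as $d) {
    printf(
        "D=%-16s unsafe rows: %d  safe rows: %d\n",
        var_export($d, true),
        count(fetch_document_unsafe($db, $d)),
        count(fetch_document_safe($db, $d))
    );
}
```

The second constructed input returns every row from the concatenated query and none from the parameterised one, which is the difference to look for when reviewing the queries behind index.php.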

Provided and/or discovered by:
Charlton Smith and others from Telspace Systems Research Team

