[VIM] PortailPHP id parameter mess
Steven M. Christey
coley at mitre.org
Sun Aug 7 17:13:43 EDT 2005
Regarding: CAN-2005-2486
================
Reference: BUGTRAQ:20050804 SQL IN PortailPHP
Reference: URL:http://msgs.securepoint.com/cgi-bin/get/bugtraq0508/53.html
Reference: BID:14474
Reference: URL:http://www.securityfocus.com/bid/14474
SQL injection vulnerability in mod_forum/read_message.php in
PortailPHP allows remote attackers to execute arbitrary SQL commands
via the id parameter to index.php with the affiche parameter set to
"Forum-read_mess", a different vulnerability than CAN-2005-1701.
================
Two points:
1) http://www.safari-msi.com/portailphp/index.php appears to be the
main page for PortailPHP, and 1.3 is the latest version (Oct 2004),
so the original poster's claim of 2.4 is probably wrong.
2) The id parameter is reported affected, which would seem to overlap
earlier reports of the id parameter in CAN-2005-1701, but source
code inspection shows that the affected files are all different.
The older CAN is for other modules. A single script maps the
"affiche" parameter to the appropriate include file.
Oh, and a third:
3) There is some evidence of many other SQL injection issues involving
"id" and other parameters.
And a fourth:
4) There is lots of evidence of more significant issues through direct
request.
- Steve
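
The dispatcher pattern the post describes (one script mapping "affiche" to an include file, with "id" consumed by many modules) is where points 2 through 4 can be closed off centrally. The following is an added example, not part of the original post and not PortailPHP source: the route table (apart from the Forum-read_mess pair named above), the `IN_PORTAL` guard, the function names and the `forum_messages` table are all hypothetical, and it assumes PHP 8 with pdo_sqlite.

```php
<?php
declare(strict_types=1);
// Added illustration, not PortailPHP source. Only the Forum-read_mess ->
// mod_forum/read_message.php pair comes from the post; the rest is constructed.

const IN_PORTAL = true;  // each include file would start with: defined('IN_PORTAL') || exit;

const ROUTES = [
    'Forum-read_mess' => 'mod_forum/read_message.php',
    'News-read'       => 'mod_news/read_news.php',   // constructed placeholder
];

// Allowlist lookup: the request value never becomes part of a file path.
function resolve_module(string $affiche): ?string
{
    return ROUTES[$affiche] ?? null;
}

// One shared validator, so every module sees id as a positive integer or not at all.
function clean_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Stand-in for the module body: id is bound, never concatenated into the SQL.
function read_message(PDO $db, int $id): ?array
{
    $st = $db->prepare('SELECT id, title FROM forum_messages WHERE id = :id');
    $st->execute([':id' => $id]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forum_messages (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO forum_messages VALUES (1, 'hello'), (2, 'staff only')");

// Constructed requests: a normal read, an injection-shaped id, an unknown module.
$requests = [
    ['affiche' => 'Forum-read_mess', 'id' => '1'],
    ['affiche' => 'Forum-read_mess', 'id' => '1 OR 1=1'],
    ['affiche' => '../config',       'id' => '1'],
];
foreach ($requests as $q) {
    $file = resolve_module($q['affiche']);
    $id   = clean_id($q['id']);
    $row  = ($file !== null && $id !== null) ? read_message($db, $id) : null;
    printf("%-16s id=%-9s -> %s\n", $q['affiche'], $q['id'], $row ? $row['title'] : 'rejected');
}
```

Because the validation and the allowlist live in the dispatcher, a module requested directly bypasses both, which is why the per-file guard noted in the comment matters as much as the bound query.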