[VIM] 20481: PHP Handicapper process_signup.php serviceid Variable SQL Injection (fwd)
security curmudgeon
jericho at attrition.org
Fri Feb 10 21:26:06 EST 2006
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Web Design WRKG
Cc: moderators at osvdb.org
Date: Fri, 10 Feb 2006 21:25:37 -0500 (EST)
Subject: Re: [OSVDB Mods] [Change Request] 20481: PHP Handicapper process_signup.php serviceid Variable SQL Injection
Hello,
: I own the software in question and this is 100% false reporting, this is
: a slander campaign from a customer who had a vulnerability in his SERVER
: not the software, and was running another script in which emails were
: bouncing,
This issue appears to have originally been disclosed to Secunia [1]. They
cite "BiPi_HaCk, Nightmare TeAmZ" as the person who shared the information
with them, and found the vulnerability.
Are you saying that 'BiPi_HaCk' is the customer attempting to slander you?
Since you have a demo available, I went to the following URL to see if the
file in question existed:
http://www.phphandicapper.com/demos/1front/source/process_signup.php
This URL yields the following error:
Warning: mysql_result(): supplied argument is not a valid MySQL result
resource in /home/hand/public_html/demos/1front/source/process_signup.php
on line 20

You have an error in your SQL syntax. Check the manual that corresponds
to your MySQL server version for the right syntax to use near
','paypal')' at line 1
This warning is likely why someone thought the script was vulnerable to
SQL injection. The error message is one indication that it may be, but no
proof by any means. As you can see though, it also discloses the full path
of the installation, which is a separate issue.
Brian
OSVDB.org
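Added illustration, not part of the thread and not the PHP Handicapper source (which nobody in this exchange has seen): the point that a SQL syntax error in a response is an indication of injection but not proof, shown with two hypothetical signup handlers that produce the identical error on an empty service id. In one the client's input is concatenated into the statement (and that same path is injectable); in the other the empty value comes from a server-side lookup that found nothing, so the client never reaches the query. A validated, parameterised handler and a small extractor for the full-path disclosure mentioned above round it out. sqlite3 stands in for MySQL so the file runs offline; the table names, handler names, seed data and the exact error text are assumptions of this example.

```python
"""
Hypothetical stand-ins for a signup script (not the PHP Handicapper code).
sqlite3 replaces MySQL so this runs offline; the error text differs from
MySQL's "You have an error in your SQL syntax", the mechanism does not.
"""
import re
import sqlite3


def make_db():
    # Constructed schema and seed data; assumptions, not from the product.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE services (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE signups (id INTEGER PRIMARY KEY, serviceid INTEGER, method TEXT)")
    conn.execute("INSERT INTO services (id, name) VALUES (1, 'basic')")
    conn.commit()
    return conn


def run(conn, sql, params=()):
    """Execute one statement and report (status, detail) the way a PHP page would."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return ("ok", None)
    except sqlite3.Error as exc:
        return ("error", str(exc))


def signup_concat(conn, serviceid):
    """Handler A: the client's serviceid is concatenated unquoted.
    An empty value yields a syntax error right before ,'paypal'); the
    same code path is injectable because the client controls the text."""
    sql = "INSERT INTO signups (serviceid, method) VALUES (" + serviceid + ",'paypal')"
    return run(conn, sql)


def signup_lookup(conn, service_name):
    """Handler B: serviceid comes from a server-side lookup, bound safely.
    If the lookup finds nothing, the unquoted empty string produces the
    identical syntax error, yet nothing the client sends reaches the query."""
    row = conn.execute("SELECT id FROM services WHERE name = ?", (service_name,)).fetchone()
    serviceid = "" if row is None else str(row[0])
    sql = "INSERT INTO signups (serviceid, method) VALUES (" + serviceid + ",'paypal')"
    return run(conn, sql)


def signup_param(conn, serviceid):
    """Handler C: validate, then bind. No syntax error on empty input and
    no way for the client to change the statement's structure."""
    if not serviceid.isdigit():
        return ("rejected", "serviceid must be numeric")
    return run(conn, "INSERT INTO signups (serviceid, method) VALUES (?, 'paypal')",
               (int(serviceid),))


def count_signups(conn):
    return conn.execute("SELECT COUNT(*) FROM signups").fetchone()[0]


# The separate path-disclosure issue: PHP warnings print the script's
# filesystem location. This pulls such paths out of a response body.
PATH_RE = re.compile(r"(/(?:home|var|usr|srv|opt|www)/[^\s:'\"]+\.php)\b")


def disclosed_paths(body):
    return sorted(set(PATH_RE.findall(body)))


if __name__ == "__main__":
    db = make_db()
    print("A, empty serviceid:", signup_concat(db, ""))
    print("B, unknown service:", signup_lookup(db, "no-such-service"))
    # Crafted value closes the tuple, adds a second row, comments out the rest.
    print("A, crafted input:", signup_concat(db, "1,'x'),(2,'y')--"), "rows:", count_signups(db))
    print("C, crafted input:", signup_param(db, "1,'x'),(2,'y')--"))
    print(disclosed_paths("Warning: mysql_result(): ... in "
                          "/home/hand/public_html/demos/1front/source/process_signup.php on line 20"))
```

Handlers A and B return byte-for-byte the same error for an empty value, which is all an outside observer sees; only a request that demonstrably changes the statement's behaviour (the crafted input against A, which inserts two rows) settles the question, and that test is what the Secunia entry does not show.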