[VIM] vendor dispute: 20481: PHP Handicapper process_signup.php serviceid Variable SQL Injection (fwd)
Steven M. Christey
coley at linus.mitre.org
Fri Feb 10 21:44:07 EST 2006
*sigh*
It is at least 67% true reporting.
Why do we seem to get complaints on Friday? :)
SQL injection - or at least forced invalid SQL - is here, with path
disclosure:
http://www.phphandicapper.com/demos/1front/source/process_signup.php?serviceid='
This yields the error:
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource
And here's an XSS vector as identified in Secunia 17412.
http://www.phphandicapper.com/demos/1front/source/msg.php?msg=<script>alert(document.cookie)</script>
Oh - for those VDBs with provenance problems, here is the original
BiPi_Hack advisory:
http://www.zone-h.org/advisories/read/id=8360
NOTE - the original reference implies that the process_signup.php login
parameter vector is CRLF injection, *not* XSS.
- Steve
On Fri, 10 Feb 2006, security curmudgeon wrote:
>
> ---------- Forwarded message ----------
> From: Web Design WRKG
> To: moderators at osvdb.org
> Date: Fri, 10 Feb 2006 17:21:15 -0800
> Subject: [OSVDB Mods] [Change Request] 20481: PHP Handicapper process_signup.php
> serviceid Variable SQL Injection
>
> I own the software in question and this is 100% false reporting, this is a
> slander campaign from a customer who had a vulnerability in his SERVER not
> the software, and was running another script in which emails were
> bouncing,
>
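Editor's note, added to this archived message and not taken from the thread or from the PHP Handicapper code: the warning quoted above is what the legacy mysql_* extension emits when mysql_query() fails (it returns FALSE on a syntax error) and the FALSE is handed to mysql_fetch_assoc(); the warning text also carries the absolute script path, which is the path disclosure Steve mentions. The sketch below shows a handler that would behave exactly that way when given serviceid=' , beside a hardened version using a mysqli prepared statement, and the same pair for the msg.php reflection. The table name, column names, function names, and the assumption that serviceid is a numeric key are illustrative only; nothing here is the product's actual source. Note that the warning proves unescaped input reaches the SQL parser, which is why "forced invalid SQL" is certain even where full injection is not; a payload such as serviceid=1' OR '1'='1 would be valid SQL and return rows, and that is the test that separates the two.

```php
<?php
// Illustrative code, not PHP Handicapper's. Table "services" and columns
// "serviceid"/"name" are assumptions for the example.

// --- Vulnerable, PHP 4/5-era pattern (mysql_* extension, removed in PHP 7) ---
function lookup_service_vulnerable($link, array $get)
{
    // ?serviceid=' is interpolated verbatim, so the query text becomes
    //   SELECT serviceid, name FROM services WHERE serviceid = '''
    // That is a syntax error: mysql_query() returns FALSE ...
    $sql = "SELECT serviceid, name FROM services WHERE serviceid = '"
         . $get['serviceid'] . "'";
    $result = mysql_query($sql, $link);
    // ... and passing FALSE here emits
    //   Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL
    //   result resource in /abs/path/process_signup.php on line N
    // whenever display_errors is on, which is the path disclosure.
    return mysql_fetch_assoc($result);
}

// --- Hardened: mysqli prepared statement, server-side logging only ---
function lookup_service_safe(mysqli $db, array $get)
{
    // Validate shape first; serviceid is assumed to be a positive integer.
    if (!isset($get['serviceid']) || !ctype_digit((string) $get['serviceid'])) {
        return null;                    // rejects "'", "1 OR 1=1", etc.
    }
    $id = (int) $get['serviceid'];

    $stmt = $db->prepare('SELECT serviceid, name FROM services WHERE serviceid = ?');
    if ($stmt === false) {
        error_log('prepare failed: ' . $db->error);   // never echoed to the client
        return null;
    }
    $stmt->bind_param('i', $id);        // value travels separately from the SQL text
    $stmt->execute();
    $res = $stmt->get_result();         // requires mysqlnd (assumed available)
    $row = $res ? $res->fetch_assoc() : null;
    $stmt->close();
    return $row ?: null;
}

// --- msg.php-style reflection: the XSS vector from the page, and its fix ---
function render_msg_vulnerable(array $get)
{
    // ?msg=<script>alert(document.cookie)</script> is emitted as markup.
    return '<p>' . $get['msg'] . '</p>';
}

function render_msg_safe(array $get)
{
    // Encode for an HTML text context; ENT_QUOTES also covers attribute values.
    $msg = isset($get['msg']) ? (string) $get['msg'] : '';
    return '<p>' . htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// In production also set display_errors=0 (php.ini or ini_set) so that any
// remaining warning goes to the error log rather than to the HTTP response.
```

Two practical checks follow from this: with display_errors off, the quote probe stops leaking the path but the query still breaks, so a blind check such as comparing the response for serviceid=1 against serviceid=1' is still needed; and the prepared-statement version returns an empty result for the probe rather than an error, which is the behaviour a retest should confirm.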