[VIM] MaxTrade - vendor ack and second bug?
security curmudgeon
jericho at attrition.org
Tue Jun 27 17:44:30 EDT 2006
Amusing comment left on the OSVDB 25122 entry:
Comment from Avalon Ltd. (83.228.39.7):
SOLUTION: Sanitised 3 files. For can not be exploited to manipulate SQL queries by injecting arbitrary SQL code. Upgrade to MAXTrade v1.0.3
STATUS: Fixed
BUG 002: Sanitized search.php for can not be exploited to manipulate SQL queries by injecting arbitrary SQL code
SOLUTION: Upgrade to MAXTrade v1.0.2
STATUS: Fixed
This site www.osvdb.org sucks !!!!! VERY OLD UP TO DATE DATA !!!!
The vendor URL is http://softdivision.com/, which is different from the
original pridels link. Looking at the 'bug tracker' link, we see the r0t
disclosed issue, but it also mentions a search.php SQL injection,
which apparently was not disclosed by r0t.
http://softdivision.com/info.php?info=83&stranica=menu
* BUG 001:
Vuln. discovered by :
r0t http://pridels.blogspot.com/2006/04/MAX-Trade-sql-inj.html
Date: 30 april 2006
vendorlink:http://www.softdivision.com/info.php?info=83&stranica=menu
affected versions:1.0.1 and prior
###############################################
Vuln. Description:
MAX-Trade contains a flaw that allows remote SQL injection attacks. Input
passed to the "categori" and "stranica" parameter in "pocategories.php" isn't
properly sanitized before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
examples:
/pocategories.php?stranica=categories&categori=[SQL]
/pocategories.php?stranica=[SQL]
SOLUTION:
Sanitised 3 files. For can not be exploited to manipulate SQL queries by injecting arbitrary SQL code. Upgrade to "MAX-Trade" v1.0.3
STATUS: Fixed
-------------------------------------------------------------------------------
* BUG 002:
Sanitized search.php for can not be exploited to manipulate SQL queries by injecting arbitrary SQL code
SOLUTION:
Upgrade to "MAX-Trade" v1.0.2
STATUS: Fixed
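As an added illustration (not code from the post, the vendor or r0t), the flaw the tracker entry describes and its fix, in Python with sqlite3: a request parameter concatenated into a query versus the same lookup done with a bound parameter, plus an allowlist for a page-selector value like "stranica". The table, column names and allowed page names are assumptions.

```python
import sqlite3

# Constructed in-memory stand-in for the product's category table (schema is an assumption).
def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO categories VALUES (?, ?)", [(1, "books"), (2, "music")])
    return con

# Hypothetical set of pages a "stranica"-style selector may name.
ALLOWED_PAGES = {"categories", "menu"}

def lookup_unsafe(con, categori):
    # The pattern described in the tracker entry: the parameter is spliced into
    # the SQL text, so a quote in the value changes the query's structure.
    sql = f"SELECT id, name FROM categories WHERE name = '{categori}'"
    return con.execute(sql).fetchall()

def lookup_safe(con, categori):
    # The fix: the value is bound as a parameter and can only ever be compared
    # as a string literal, never parsed as SQL.
    sql = "SELECT id, name FROM categories WHERE name = ?"
    return con.execute(sql, (categori,)).fetchall()

def select_page(stranica):
    # A selector that picks a page or template should not reach SQL at all;
    # map it against a fixed allowlist and reject anything else.
    if stranica not in ALLOWED_PAGES:
        raise ValueError("unknown page: %r" % stranica)
    return stranica

if __name__ == "__main__":
    db = build_db()
    hostile = "x' OR '1'='1"          # constructed test value
    print("unsafe:", lookup_unsafe(db, hostile))   # every row leaks
    print("safe:  ", lookup_safe(db, hostile))     # no category has that name
```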