On Wed, Jun 01, 2011 at 02:10:13PM +0200, [email protected] wrote: > Vulnerability ID: HTB22999 > Reference: > http://www.htbridge.ch/advisory/multiple_sql_injections_in_a_really_simple_chat_arsc.html > Product: A Really Simple Chat (ARSC) > Vendor: http://www.reallysimplechat.org/ ( http://www.reallysimplechat.org/ ) > Vulnerable Version: 3.3-rc2 > Vendor Notification: 12 May 2011 > Vulnerability Type: SQL Injection > Risk level: High > Credit: High-Tech Bridge SA Security Research Lab ( > http://www.htbridge.ch/advisory/ ) > > Vulnerability Details: > The vulnerability exists due to failure in the "/base/admin/edit_user.php" > script to properly sanitize user-supplied input in "user" variable. > Attacker can alter queries to the application SQL database, execute arbitrary > queries to the database, compromise the application, access or modify > sensitive data, or exploit various vulnerabilities in the underlying SQL > database. > The following PoC is available: > > http://[host]/base/admin/edit_user.php?arsc_user=-1%27%20union%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15%20--%202 > > The vulnerability exists due to failure in the "/base/admin/edit_layout.php" > script to properly sanitize user-supplied input in "arsc_layout_id" variable. > The following PoC is available: > > http://[host]/base/admin/edit_layout.php?arsc_layout_id=-1%20union%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 > > The vulnerability exists due to failure in the "/base/admin/edit_room.php" > script to properly sanitize user-supplied input in "arsc_room" variable. > The following PoC is available: > > http://[host]/base/admin/edit_room.php?arsc_room=%27%20union%20select%201,2,version%28%29,4,5,6,7%20--%202
These issues can be refered as: CVE-2011-2181. Could you please update www-site advisory? Best regards, Henri Salo _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
