PHP Dir Submit Login SQL Injection Vulnerability

Posted on Monday, May 25, 2009 @ 15:21:45 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA35125

VERIFY ADVISORY: http://secunia.com/advisories/35125/

Critical: Moderately Critical

DESCRIPTION: A vulnerability has been reported in PHP Dir Submit, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the username and password when logging in to the administrator panel is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION: Restrict access to the administrator panel (e.g. via ".htaccess").

PROVIDED AND/OR DISCOVERED BY: Snakespc

ORIGINAL ADVISORY: http://milw0rm.com/exploits/8710
 
 
click Related        click Share
 
 
Associated Topics

PHP
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,745,286
  • Today: 52,440
Server InfoServer Info
  • Oct 20, 2018
  • 12:01 pm PDT
 
 

Daily Inspiration