[VIM] PortailPHP id parameter mess

Steven M. Christey coley at mitre.org
Sun Aug 7 17:13:43 EDT 2005


Regarding: CAN-2005-2486

================

Reference: BUGTRAQ:20050804 SQL IN PortailPHP
Reference: URL:http://msgs.securepoint.com/cgi-bin/get/bugtraq0508/53.html
Reference: BID:14474
Reference: URL:http://www.securityfocus.com/bid/14474

SQL injection vulnerability in mod_forum/read_message.php in
PortailPHP allows remote attackers to execute arbitrary SQL commands
via the id parameter to index.php with the affiche parameter set to
"Forum-read_mess", a different vulnerability than CAN-2005-1701.

================


Two points:

1) http://www.safari-msi.com/portailphp/index.php appears to be the
   main page for PortailPHP, and 1.3 is the latest version (Oct 2004),
   so the original poster's claim of 2.4 is probably wrong.

2) The id parameter is reported affected, which would seem to overlap
   earlier reports of the id parameter in CAN-2005-1701, but source
   code inspection shows that the affected files are all different.
   The older CAN is for other modules.  A single script maps the
   "affiche" parameter to the appropriate include file.

Oh, and a third:

3) There is some evidence of many other SQL injection issues involving
   "id" and other parameters.

And a fourth:

4) There is lots of evidence of more significant issues through direct
   request.


- Steve
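
Added example, not part of the original post and not PortailPHP code: a hardened sketch of the pattern described in point 2, where one script maps `affiche` to an include file and each module then reads its own `id`, plus the direct-request guard relevant to point 4. Only the `Forum-read_mess` to `mod_forum/read_message.php` pairing comes from the post; the `messages` table, the `VIA_INDEX` constant and all function names are assumptions, and the demo needs the `pdo_sqlite` extension.

```php
<?php
// Added illustration, not PortailPHP source. Only the pairing
// "Forum-read_mess" -> mod_forum/read_message.php comes from the post;
// the messages table, VIA_INDEX and all function names are hypothetical.
const ROUTES = [
    'Forum-read_mess' => 'mod_forum/read_message.php',
];

// Map "affiche" to a module file through a fixed allowlist only.
function resolve_module($affiche): ?string
{
    return is_string($affiche) ? (ROUTES[$affiche] ?? null) : null;
}

// Accept "id" only as a short string of decimal digits.
function parse_id($raw): ?int
{
    return (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 9)
        ? (int) $raw : null;
}

// Module body: refuses to run unless entered through the dispatcher,
// and binds the id instead of concatenating it into the SQL text.
function read_message(PDO $db, int $id): ?array
{
    if (!defined('VIA_INDEX')) { return null; }
    $stmt = $db->prepare('SELECT id, title FROM messages WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

define('VIA_INDEX', true); // set once by the dispatcher (index.php)
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO messages VALUES (1, 'hello')");

$requests = [ // constructed sample query strings
    ['affiche' => 'Forum-read_mess', 'id' => '1'],
    ['affiche' => 'Forum-read_mess', 'id' => '1 OR 1=1'],
    ['affiche' => 'No-such-module', 'id' => '1'],
];
foreach ($requests as $q) {
    $file = resolve_module($q['affiche']);
    $id = parse_id($q['id']);
    $ok = $file !== null && $id !== null;
    echo json_encode($q), ' => ',
        $ok ? $file . ' ' . json_encode(read_message($db, $id)) : 'rejected', "\n";
}
```

Because every module behind the dispatcher receives the same `id` name, the validation and binding have to be applied per module file, which is why reports against the same parameter can describe distinct issues.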

