[VIM] vendor dispute: 20481: PHP Handicapper process_signup.php serviceid Variable SQL Injection (fwd)

Steven M. Christey coley at linus.mitre.org
Fri Feb 10 21:44:07 EST 2006


*sigh*

It is at least 67% true reporting.

Why do we seem to get complaints on Friday? :)

SQL injection - or at least forced invalid SQL - is here, with path
disclosure:

http://www.phphandicapper.com/demos/1front/source/process_signup.php?serviceid='


This yields the error:

  Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL
  result resource


And here's an XSS vector as identified in Secunia 17412.

http://www.phphandicapper.com/demos/1front/source/msg.php?msg=<script>alert(document.cookie)</script>

Oh - for those VDBs with provenance problems, here is the original
BiPi_Hack advisory:

  http://www.zone-h.org/advisories/read/id=8360


NOTE - the original reference implies that the process_signup.php login
parameter vector is CRLF injection, *not* XSS.


- Steve


On Fri, 10 Feb 2006, security curmudgeon wrote:

>
>
> ---------- Forwarded message ----------
> From: Web Design WRKG
> To: moderators at osvdb.org
> Date: Fri, 10 Feb 2006 17:21:15 -0800
> Subject: [OSVDB Mods] [Change Request] 20481: PHP Handicapper process_signup.php
>       serviceid Variable SQL Injection
>
> I own the software in question and this is 100% false reporting, this is a
> slander campaign from a customer who had a vulnerability in his SERVER not
> the software, and was running another script in which emails were
> bouncing,
>
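The two patterns behind the vectors discussed above, as an added example that is hypothetical code and not PHP Handicapper's source: the legacy string-spliced query that a lone quote in serviceid turns into invalid SQL (so the fetch call warns and prints the script path), next to a hardened lookup. The `services` table, the numeric `serviceid` column, the `$pdo` connection (assumed configured with `PDO::ERRMODE_EXCEPTION`) and the function names are assumptions.

```php
<?php
// Hypothetical reconstruction of the symptom in the thread, not the vendor's code.
// Legacy PHP 4/5 mysql_* pattern (assumed): the untrusted value is spliced into SQL.
function legacyQuery(string $serviceid): string
{
    return "SELECT * FROM services WHERE serviceid = '" . $serviceid . "'";
}
// legacyQuery("'") builds:  SELECT * FROM services WHERE serviceid = '''
// The unbalanced quote is a syntax error, mysql_query() returns false, and
// mysql_fetch_assoc(false) emits the "not a valid MySQL result resource" warning;
// with display_errors on, the warning text includes the script's filesystem path.

// Hardened lookup: validate the shape, bind the value, never fetch from a failed
// result. $pdo is assumed to be a PDO connection using ERRMODE_EXCEPTION.
function lookupService(PDO $pdo, string $serviceid): ?array
{
    // serviceid is assumed to be an integer key; reject anything else before any SQL.
    if (!ctype_digit($serviceid)) {
        http_response_code(400);
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM services WHERE serviceid = :id');
    $stmt->execute([':id' => (int) $serviceid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // null when no matching row
}

// Deployment settings that close the path-disclosure side even if a query does fail:
// errors go to the log, not to the HTTP response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// For the msg.php vector (Secunia 17412): encode the parameter before echoing it
// into HTML so a <script> payload is rendered as text.
function safeMessage(string $msg): string
{
    return htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

Detection-wise, the failed-query warning itself is the signal: a spike of `mysql_fetch_assoc()` warnings in the PHP error log for process_signup.php indicates someone is feeding the parameter malformed values, so logging (not displaying) them is the right configuration.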

