[VIM] SQL Injections in phpwebsite
George A. Theall
theall at tenablesecurity.com
Wed Mar 22 13:45:03 EST 2006
Has anyone looked into the SQL injection flaws in phpwebsite announced here:

http://www.securityfocus.com/archive/1/428156/30/0/threaded

SecurityFocus assigned it BID 17150 and Mitre CVE-2006-1330. The
advisory doesn't specify which versions are affected and I haven't found
anything about it on the project's site / forums / mailing lists, but
Secunia reports the solution is to upgrade to a version higher than
0.8.3, which would mean 0.9.0, released early 2003.

The first issue does seem to be new, but the second appears to be the
same as that covered by CVE-2002-2178 / OSVDB 3850 and announced here:

http://archives.neohapsis.com/archives/bugtraq/2002-10/0029.html

Unfortunately, I can't find a download for the source for 0.8.3 from
the project's website, but I did find a CVS repository that purports to
have 0.8.3:

http://cvs.cannonbose.com/cgi-bin/viewcvs.cgi/third-party/phpwebsite_0_8_3/article.php?annotate=1.4

Note that in line 106, sid is passed to a SQL query, which is the first
time it's used in that file as long as op does not equal 'Print'.

Finally, the source code for 0.9.0 does not have friends.php and has
only a stub for article.php.

Thoughts?

George
--
theall at tenablesecurity.com