[VIM] 20481: PHP Handicapper process_signup.php serviceid Variable SQL Injection (fwd)

security curmudgeon jericho at attrition.org
Fri Feb 10 21:26:06 EST 2006



---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Web Design WRKG
Cc: moderators at osvdb.org
Date: Fri, 10 Feb 2006 21:25:37 -0500 (EST)
Subject: Re: [OSVDB Mods] [Change Request] 20481: PHP Handicapper
     process_signup.php serviceid Variable SQL Injection


Hello,

: I own the software in question and this is 100% false reporting, this is
: a slander campaign from a customer who had a vulnerability in his SERVER
: not the software, and was running another script in which emails were
: bouncing,

This issue appears to have originally been disclosed to Secunia [1]. They
cite "BiPi_HaCk, Nightmare TeAmZ" as the person who shared the information
with them, and found the vulnerability.

Are you saying that 'BiPi_HaCk' is the customer attempting to slander you?

Since you have a demo available, I went to the following URL to see if the
file in question existed:

http://www.phphandicapper.com/demos/1front/source/process_signup.php

This URL yields the following error:

   Warning: mysql_result(): supplied argument is not a valid MySQL result
   resource in
   /home/hand/public_html/demos/1front/source/process_signup.php
   on line 20 You have an error in your SQL syntax. Check the manual that
   corresponds to your MySQL server version for the right syntax to use
   near ','paypal')' at line 1


This warning is likely why someone thought the script was vulnerable to
SQL injection. The error message is one indication that it may be, but no
proof by any means. As you can see though, it also discloses the full path
of the installation which is a separate issue.

Brian
OSVDB.org
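The distinction Brian draws above (a database error in the response is an indicator that deserves verification, while a leaked filesystem path is a confirmed information disclosure on its own) is the kind of thing a triage script can separate automatically. The following is an added example, not code from the thread, from OSVDB or from the PHP Handicapper project: it runs over a response body constructed from the warning quoted in the message and reports the two findings with their different confidence levels. The function names, the regex patterns and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: the warning text quoted in the thread, joined into one
# response body. Not captured from a live system.
SAMPLE_RESPONSE = (
    "Warning: mysql_result(): supplied argument is not a valid MySQL result "
    "resource in /home/hand/public_html/demos/1front/source/process_signup.php "
    "on line 20 You have an error in your SQL syntax. Check the manual that "
    "corresponds to your MySQL server version for the right syntax to use "
    "near ','paypal')' at line 1"
)

# Constructed sample: what a hardened deployment returns instead (generic
# error, no database detail, no path).
HARDENED_RESPONSE = "An error occurred while processing your signup. Please try again later."

# Signatures of verbose MySQL error output reaching the client. (Assumed list;
# a real triage tool would carry many more, for other database engines too.)
SQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.IGNORECASE),
    re.compile(
        r"mysql_(?:result|fetch_\w+|num_rows)\(\): supplied argument is not a valid MySQL result",
        re.IGNORECASE,
    ),
]

# An absolute path with at least two directory components ending in a PHP file.
PATH_PATTERN = re.compile(r"(?:/[\w.-]+){2,}\.php")

# MySQL reports the unparsed remainder of the statement after "near".
NEAR_PATTERN = re.compile(r"near '(.*?)' at line \d+", re.DOTALL)


def triage(body: str) -> dict:
    """Classify a response body into separate findings with explicit confidence.

    Returns a dict with:
      sql_error      - True if verbose database error text was found
      sql_fragment   - the SQL remainder MySQL complained about, if reported
      disclosed_path - the server-side path leaked by the warning, if any
      verdicts       - one human-readable line per finding
    """
    findings = {
        "sql_error": False,
        "sql_fragment": None,
        "disclosed_path": None,
        "verdicts": [],
    }

    if any(p.search(body) for p in SQL_ERROR_PATTERNS):
        findings["sql_error"] = True
        near = NEAR_PATTERN.search(body)
        if near:
            findings["sql_fragment"] = near.group(1)
        # A syntax error proves only that unexpected input reached the query
        # builder; whether an attacker can control the query is a separate
        # question that needs a manual, authorised verification step.
        findings["verdicts"].append(
            "verbose SQL error: indicator of possible injection, not proof; needs verification"
        )

    path = PATH_PATTERN.search(body)
    if path:
        findings["disclosed_path"] = path.group(0)
        # The path is in the response regardless of any injection outcome,
        # so this one is confirmed by the observation alone.
        findings["verdicts"].append(
            "full installation path disclosed: confirmed information leak (separate issue)"
        )

    return findings


def summary(body: str) -> str:
    """One-line summary suitable for a ticket or change-request note."""
    verdicts = triage(body)["verdicts"]
    return "; ".join(verdicts) if verdicts else "no verbose error or path disclosure observed"


if __name__ == "__main__":
    for label, body in (("demo", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {summary(body)}")
```

On the remediation side the same two findings map to two separate fixes, which is why they belong in separate tickets: the path and the raw database message stop reaching the client once `display_errors` is off and errors are logged server-side instead of echoed, while the injection question is settled only by reviewing how `serviceid` reaches the query (parameterised statements rather than string interpolation) and by an authorised test against a copy of the application.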

