Ads

Scout Portal Toolkit "forumid" Parameter SQL Injection PDF Print E-mail
Thursday, 29 June 2006
Simo64 has discovered a vulnerability in Scout Portal Toolkit, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "forumid" parameter in "SPT--ForumTopics.php" isnt properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been confirmed in version 1.4.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Simo64, Moroccan Security Research Team

Original Advisory:
http://milw0rm.com/exploits/1957
 
< Prev   Next >
[ Back ]