Ads [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability Friday, 21 July 2006 Software: phpFaber TopSites Version: <=2.0.9 Type: SQL Injection Vulnerability Made public: July, 19th 2006 Vendor: phpFaber, LLC Page: http://www.phpfaber.com/ Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz http://www.majorsecurity.de Original Advisory: ---------------------------------------------- http://www.majorsecurity.de/advisory/major_rls21.txt Affected Products: ---------------------------------------------- phpFaber TopSites 2.0.9 and prior Description: ---------------------------------------------- phpFaber TopSites is a feature-packed, reliable and secure Top List for webmasters who want to increase traffic to their websites. It is fully customizable and doesnt require any programming skills! You can create your forms just in 3 clicks! Vulnerability: ---------------------------------------------- Input passed directly to the "i_cat" and "method" parameter in "index.php" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Solution: Edit the source code to ensure that input is properly sanitised.   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.