Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: a6088.htm

paFileDB SQL Injection Vulnerability
24th Mar 2003 [SBWID-6088]

	paFileDB SQL Injection Vulnerability


	paFileDB 3.x
	Tested on:
	         paFileDB 3.0 Final
	         paFileDB 3.0 Beta 3.1
	         paFileDB 3.1 Final


	FluRDoInG [] [] says :
	paFileDB is a file management script that supports user file rating.  It
	uses an SQL database backend. Multiple vulnerabilities exist due to  the
	lack of checked input variables. The following exploits exist:
	  - Modified 'id' tag allows users to submit unlimited ratings.
	  - Hand-edited 'rating' tag allows users to submit ratings above 10 or below 0.
	  - Both tags do not check for escape characters and will allow SQL injection.
	Proof-Of-Concept Exploits:
	Replace [RANDOM] with a random short string and the script will  not  be
	stop you from voting as many times as you like.
	Submit file rating of 1000 out of 10. Drive rate up.  Conversely,  -1000
	would have the opposite effect driving the rating down.
	SQL Injection vulnerability (exploit code not included)



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH