<<< Date Index >>>     <<< Thread Index >>>

Autorank PHP SQL Injection Vulnerabilities




Vendor  : JMB Software
URL     : http://www.jmbsoft.com
Version : AutoRank PHP 2.0.4 && Others?
Risk    : SQL Injection Vulnerability



Description:
The description as taken from the Autorank website "AutoRank PHP is our 
next generation toplist software, written completely in PHP and backed 
by a MySQL database. This software has all the features of the Pro version, 
and we have added several more which make this the most advanced toplist 
software available today. We have combined the power and speed of PHP and 
MySQL to make AutoRank PHP extremely efficient and scalable. A complete 
list of features is available if you would like to jump right to that. 
Otherwise, you can continue on and find out why AutoRank PHP is the premier 
PHP toplist software available today."



Problem:
Autorank PHP is vulnerable to SQL Injection attacks. The vulnerabilities
can be exploited by injecting SQL queries into the user & password fields when
editing an account, the email field when requesting a lost password and the 
username 
field when registering an account. If a malicious attacker logs in with the 
username 
and password '-- he will automatically be given access to the first account 
cataloged 
in the database. He can then view the HTML source code to view that users 
password
in plain text. This also leaves the database being used by Autorank PHP open 
for attack.
The affected file is accounts.php



Credits:
Credits go to JeiAr of the GulfTech Security Research Team. 
http://www.gulftech.org