SQL injections in PortailPHP
svadvisory*5
-------------------------------------------------------------
Title: SQL injections in PortailPHP |
The program: PortailPHP v 1.3 |
Homepage: http://www.portailphp.com/ ------------
Has found: CENSORED | 14.05.05 |
-------------------------------------------------------------
The description
-------------------------------------------------------------|
Vulnerability has been found in parameter "id". If this variable
Any value it is possible to replace it with a sign ' is transferred
Since this parameter is involved in all modules, all of them
Are vulnerable.
It occurs because of absence of a filtration of parameter id.
Examples
-------------------------------------------------------------|
http://example/index.php?affiche=News&id='[SQL inj]
http://example/index.php?affiche=File&id='[SQL inj]
http://example/index.php?affiche=Liens&id='[SQL inj]
http://example/index.php?affiche=Faq&id='[SQL inj]
The conclusion
-------------------------------------------------------------|
Vulnerability is found out in version 1.3, on other versions
Did not check. Probably they too are vulnerable.
*************************************************************
CENSORED || Search Vulnerabilities Team || www.svt.nukleon.us