PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure
In the latest version of PHP-Fusion, the content management system by
Digitanium (php-fusion.co.uk), there is an SQL Error in messages.php that
reveals path names and a table name, and someone could possibly manipulate the
SQL database.
The error is as follows, it is with the Search and Sort option:
/messages.php?folder=inbox&srch_text=a&srch_type=blehblahbleh&sort_type=blahblehblah&srch_submit=Search%20/%20Sort
The query above will give the following error (or something to the effect):
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'LIKE 'a'' at line 1
Warning: mysql_result(): supplied argument is not a valid MySQL result resource
in c:\WWW\removed\data\maincore.php on line 111
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'LIKE 'a'' at line 1You
have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'LIKE 'a' ORDER BY
message_read, LIMIT 0,20' at line 1
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in c:\WWW\removed\data\maincore.php on line 116
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'LIKE 'a' ORDER BY
message_read, LIMIT 0,20' at line 1
The error could be used to obtain classified information about the database and
the system, and is definitely manipulable.
-Nolan West (CNS Chemist)