LI-countdown SQL Injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: LI-countdown SQL Injection Vulnerability
From: sex@xxxxxxxxxxxxxx
Date: 12 Feb 2008 19:13:45 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

--------------------Summary---------------- 
Vendor: LI-Scripts 
Vendor's Web Site: http://www.liscripts.net 
Software: LI-countdown 
Sowtware's Web Site: http://www.liscripts.net/products.php#countdown
Critical Level: Moderate 
Type: SQL Injection 
Class: Remote 
Status: Unpatched 
PoC/Exploit: Not Available 
Solution: Not Available 
Discovered by: http://www.aaa-aaa.net.ru/

-----------------Description--------------- 
1. SQL Injection. 

Vulnerable script: countdown.php 

Parameter 'years' is not properly sanitized before being used in SQL 
query. This can be used to make SQL queries by injecting arbitrary SQL 
code. 

Condition: magic_quotes_gpc = off 

--------------PoC/Exploit---------------------- 
Waiting for developer(s) reply. 

--------------Solution--------------------- 
No Patch available. 

--------------Credit----------------------- 
Discovered by: http://aaa-aaa.net.ru/


Regards, 
sex@xxxxxxxxxxxxxx
http://www.aaa-aaa.net.ru/

Prev by Date: Re: Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0
Next by Date: Cacti 0.8.7a Multiple Vulnerabilities
Previous by thread: cacti -- Multiple security vulnerabilities have been discovered
Next by thread: Cacti 0.8.7a Multiple Vulnerabilities
Index(es):
- Date
- Thread