bcoos-sql.txt
Posted on 03 December 2007
######################################################## Bcoops adresses/ratefile.php lid variable SQL injection vendor url: http://www.bcoops.net Advisore: http://lostmon.blogspot.com/2007/11/ bcoops-adressesratefilephp-lid-variable.html vendor notify:NO exploits available: YES ######################################################## bcoos is content-community management system written in PHP-MySQL. bcoops contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the script not properly sanitizing user-supplied input to the 'lid' variable, and adresses/ratefile.php script.This may allow an attacker to inject or manipulate SQL queries in the backend database. ################# Versions: ################# bcoops 1.0.10 =< vulnerable ################# Solution: ################# No solution at this time !!! Try to edit the source code or Try another product ################# Timeline: ################# Discovered:25-11-2007 vendor notify:-------- vendor response:------- disclosure:30-11-2007 ################# SQL intections: ################# http://localhost/bcoops/modules/adresses/ratefile.php? lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201 #######################
