[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] PHP Gift Registry 1.5.5 SQL Injection

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] PHP Gift Registry 1.5.5 SQL Injection
From: ctruncer@xxxxxxxxxxxxxxxxxxxxxx
Date: Fri, 24 Feb 2012 14:21:36 -0700

You only gave them two days to respond?


Chris



On 24.02.2012 08:08, Thomas Richards wrote:
> # Exploit Title: PHP Gift Registry 1.5.5 SQL Injection
> # Date: 02/22/12
> # Author: G13
> # Software Link: https://sourceforge.net/projects/phpgiftreg/
> # Version: 1.5.5
> # Category: webapps (php)
> #
>
> ##### Vulnerability #####
>
> The userid parameter in the users.php file is vulnerable to SQL 
> Injection.
>
> A user must be signed in to exploit this.
>
> ##### Vendor Notification #####
>
> 02/22/12 - Vendor Notified
> 02/24/12 - No response, disclosure
>
> ##### Exploit #####
>
> http://localhost/phpgiftreg/users.php?action=edit&userid=[SQLi]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] PHP Gift Registry 1.5.5 SQL Injection
  - From: Laurelai

References:
- [Full-disclosure] PHP Gift Registry 1.5.5 SQL Injection
  - From: Thomas Richards

Prev by Date: Re: [Full-disclosure] PHP Gift Registry 1.5.5 SQL Injection
Next by Date: [Full-disclosure] TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform
Previous by thread: Re: [Full-disclosure] PHP Gift Registry 1.5.5 SQL Injection
Next by thread: Re: [Full-disclosure] PHP Gift Registry 1.5.5 SQL Injection
Index(es):
- Date
- Thread