|
PY-Membres SQL Injection and Admin Access
|
|
Secunia Advisory:
|
SA9624
|
|
|
Release Date:
|
2003-08-27
|
|
Popularity:
|
4,996 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | PY-Membres 4.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Two vulnerabilities have been identified in PY-Membres allowing malicious people to gain admin access or manipulate SQL queries.
1) The script "admin/admin.php" doesn't verify users properly. This makes it possibly to gain admin access by setting the "adminpy" parameter to "1".
2) It is possible to manipulate the "email" parameter in "pass_done.php" so that the SQL query is altered. This could be exploited to create a file with all usernames and passwords, which potentially could be retrieved via HTTP.
The vulnerabilities have been reported in versions 4.0, 4.1, and 4.2.
Solution:
Edit the source code so that input is verified properly.
Provided and/or discovered by:
frog-m@n
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
