From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 4 Apr 2005 17:47:21 +0200
Subject: [UNIX] Turnkey Websites SQL Injection
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20050404160712.32154580D@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
X-Spam-Status: No, hits=2.067 tagged_above=2 required=5 tests=AWL, INFO_TLD,
MSGID_FROM_MTA_ID
X-Spam-Level: **
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Turnkey Websites SQL Injection
------------------------------------------------------------------------
SUMMARY
" <http://www.turnkeywebsites.info/>; Turnkey Website is a unique product
that combines all the resources necessary to create fun, valuable websites
using great quality designs, integrated scripts & affiliate programs and
easy step by step instructions."
Flaws in the way Turnkey Websites preforms sanitation of user input allows
SQL injection.
DETAILS
Vulnerable Systems:
* Turnkey Websites
Exploits:
Any of the following URLs can be used to trigger the vulnerability:
http://localhost/SearchResults.php?SearchTerm='SQL_INJECTION
&where='SQL_INJECTION&ord1=ItemPrice&ord2=desc
http://localhost/SearchResults.php?SearchTerm=dcrab&where='SQL_INJECTION
&ord1=&ord2=desc
http://localhost/SearchResults.php?SearchTerm=dcrab&where=ItemDescription
&ord1=ItemPrice&ord2='SQL_INJECTION
ADDITIONAL INFORMATION
The information has been provided by <mailto:dcrab@hackerscenter.com.>
Diabolic Crab.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
