SecurityTracker.com
Category:  Application (Generic)  >  OpenRatings
Vendors:  OpenRatings
OpenRatings Voting Software Input Validation Flaw Lets Remote Users Execute Arbitrary SQL Statements on the System
SecurityTracker Alert ID:  1004853
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jul 27 2002
Impact:  Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.0
Description:  An input validation vulnerability was reported in the OpenRatings PHP-based engine for rating professors. A remote user can insert SQL statements to be executed on the underlying database server.

According to the report, the 'add.phtml' page does not escape user-supplied input before using it in database calls. This reportedly occurs in the branch of the if statement guarded by isset($_REQUEST['haveProfInfo']).

A remote user can provide specially crafted input to cause arbitrary SQL commands to be executed by the underlying MySQL server.

A race condition was also reported, but no details were provided.
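The following is an added illustration, not code from OpenRatings or from this advisory. It contrasts the pattern the report describes, request parameters dropped straight into a MySQL statement inside the `isset($_REQUEST['haveProfInfo'])` branch, with the same insert written first with escaping (the `quote()`-style fix the bug report asks for) and then with a prepared statement, which keeps the SQL text fixed regardless of the values. The table and column names, the `profName`/`profDept` request keys and the connection details are assumptions for the example.

```php
<?php
// Added example, not OpenRatings code. Table/column names, the profName/profDept
// request keys and the connection parameters are assumptions for illustration.
declare(strict_types=1);

// Vulnerable pattern (the class of defect reported for add.phtml): the request
// values become part of the SQL text, so any quote character in them changes
// what the server parses.
function build_insert_unsafe(array $req): string
{
    return "INSERT INTO professors (name, department) VALUES ('"
        . $req['profName'] . "', '" . $req['profDept'] . "')";
}

// 2002-era fix: escape each value for the connection's character set before
// interpolating it. Correct if applied to every value on every call; easy to
// miss one, which is why the prepared statement below is preferred.
function build_insert_escaped(mysqli $db, array $req): string
{
    $name = $db->real_escape_string((string) $req['profName']);
    $dept = $db->real_escape_string((string) $req['profDept']);
    return "INSERT INTO professors (name, department) VALUES ('$name', '$dept')";
}

// Preferred fix: validate the input, then bind it as parameters. The SQL text
// never contains user data, so the server cannot interpret it as SQL.
function insert_professor(mysqli $db, array $req): bool
{
    // Mirror the branch the report names: only act when the form was submitted.
    if (!isset($req['haveProfInfo'], $req['profName'], $req['profDept'])) {
        return false;
    }
    $name = trim((string) $req['profName']);
    $dept = trim((string) $req['profDept']);
    // Input validation proper: reject empty or oversized values before they
    // reach the database (limits are assumptions matching a VARCHAR(100)).
    if ($name === '' || strlen($name) > 100 || strlen($dept) > 100) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO professors (name, department) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $name, $dept);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed request: a legitimate surname with an apostrophe is enough to
// break the unsafe statement, which is the same defect the report describes.
$request = ['haveProfInfo' => '1', 'profName' => "O'Brien", 'profDept' => 'Physics'];
echo build_insert_unsafe($request), PHP_EOL;

// Live use (connection details are placeholders):
// $db = new mysqli('localhost', 'openratings', 'PASSWORD', 'openratings');
// echo build_insert_escaped($db, $request), PHP_EOL;
// var_dump(insert_professor($db, $_REQUEST));
```

Printing the unsafe statement for the constructed request shows the closing quote of the name landing in the middle of the value; with attacker-controlled input the same mechanism lets the remaining text be parsed as SQL, which is the impact stated above. The validation step and the parameter binding in `insert_professor` address the two separate concerns the advisory's cause field ("input validation error") and the bug report ("without quote()ing") each name.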

Impact:  A remote user can execute arbitrary SQL statements on the underlying database server.
Solution:  The vendor has released a fixed version (1.1), available at:

http://openratings.sigkill.com/

Vendor URL:  coop.sigkill.com/bz/show_bug.cgi?id=33
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Wed, 24 Jul 2002 01:23:58 -0400
Subject:  OpenRatings 1.1

 

OpenRatings 1.1 
  by J. Paul Reed (http://freshmeat.net/users/preed/)
  Tuesday, July 23rd 2002 11:20

Education
Internet :: WWW/HTTP
Internet :: WWW/HTTP :: Dynamic Content

About: OpenRatings is a PHP/MySQL-based engine and Web site template for rating professors. The site sports a quick survey and free-form comments, and allows students to search for the best professors on their campuses based on a number of criteria. OpenRatings is great for students that want to start (and maintain) a professor evaluation site on their own campuses, as well as for smaller universities who want to allow their students to rate professors.

Changes: This version is mostly a polish up of the 1.0 release. One security-critical bug which allowed unchecked database access and one race condition were fixed, in addition to a few bugs which should make management and installation on hosting provider machines easier. All OpenRatings 1.0 users are encouraged to upgrade.

License: OSI Approved

URL: http://freshmeat.net/projects/openratings/

Vendor URL:  http://openratings.sigkill.com/

Vendor:  OpenRatings

================================

From:  http://coop.sigkill.com/bz/show_bug.cgi?id=33

add.phtml makes a bunch of DB calls (in the isset($_REQUEST['haveProfInfo'] branch of the if statement) without quote()ing, and thus escaping any of it; this is obviously a bad thing (tm).

Copyright 2002, SecurityGlobal.net LLC