SecurityTracker: NooTopList Input Validation Holes Permit SQL Injection Attacks

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > NooTopList

Vendors: nootoplist.com

NooTopList Input Validation Holes Permit SQL Injection Attacks

SecurityTracker Alert ID: 1014931

SecurityTracker URL: http://securitytracker.com/id/1014931

CVE Reference: CVE-2005-3003 (Links to External Site)

Updated: Jun 8 2008

Original Entry Date: Sep 19 2005

Impact: Disclosure of system information, Disclosure of user information

Exploit Included: Yes

Version(s): 1.0.0 [FINAL] (rel: 17)

Description: David Sopas Ferreira (SmOk3) reported a vulnerability in NooTopList. A remote user can inject SQL commands.

The 'index.php' script does not properly validate user-supplied input in the 'o' and 'sort' parameters. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

/index.php?o='[SQL INJECTION]
/index.php?sort='[SQL INJECTION]

The original advisory is available at:

http://www.systemsecure.org/ssforum/viewtopic.php?t=249

Impact: A remote user can execute SQL commands on the underlying database.

Solution: No solution was available at the time of this entry.

Vendor URL: www.nootoplist.com/ (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Sat, 17 Sep 2005 20:23:09 +0100
Subject: SS#13092005 NooToplist 1.0.0 SQL Injection

ORIGINAL: http://www.systemsecure.org/ssforum/viewtopic.php?t=249

Ref: SS#13092005
SYSTEMSECURE.ORG - Advisory/Exploit

* PUBLIC ADVISORY *

Software:
NooToplist 1.0.0 [FINAL] (rel: 17)

Link:
http://nootoplist.com/index.php

Attacks:
SQL Injection

Discovered by:
David Sopas Ferreira aka SmOk3
[david at systemsecure.org]

GoogleDork: "Powered by NooToplist 1.0.0"


-- ! Description !--
This PHP based TopList script is vulnerable to some SQL Injections. Impact An unauthenticated attacker may
execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of database
and expose sensitive information.

Affected file: index.php - variables $o and $sort

PoC:
/index.php?o='[SQL INJECTION]
/index.php?sort='[SQL INJECTION]


-- ! Solution !--
The script should filter metacharacters from user input.



<base64>Rm9y52EgUG9ydHVnYWw=</base64>

-EOF-

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC