Not only was this previously discovered, you don't seem to understand the
variables:
On Thu, 30 Dec 2010, advisory (at) htbridge (dot) ch wrote:
: Vulnerability ID: HTB22754
: Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy_1.html
: Product: LightNEasy
:
: Vulnerability Details:
: The vulnerability exists due to failure in the "/LightNEasy.php" script to properly sanitize user-supplied input in "handle" variable from cookies.
: GET / HTTP/1.1
: Cookie: userhandle=123"SQL_CODE_HERE
That looks like the "userhandle" cookie, not the "handle"?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3485
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows
remote attackers to execute arbitrary SQL commands via the userhandle
cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the
provenance of this information is unknown; the details are obtained solely
from third party information.