[3/5] Smoothflash “cid” SQL Injection Vulnerability
S@BUN has reported a vulnerability in Smoothflash, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cid" parameter in admin_view_image.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
S@BUN

Original Advisory:
http://milw0rm.com/exploits/5322
Original post by kapil
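The workaround above is to filter input at a web proxy. The following is an added example (not part of the original advisory or of Smoothflash) of an allowlist check for "cid" on requests to admin_view_image.php. It assumes "cid" is a short numeric id, which the advisory does not state; `check_request` and the sample URLs are hypothetical.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPT = "admin_view_image.php"      # script named in the advisory
PARAM = "cid"                        # parameter named in the advisory
CID_RE = re.compile(r"[0-9]{1,10}")  # assumption: cid is a short numeric id

def check_request(url):
    """Return (allowed, reason) for a request URL; covers the GET query string only."""
    parts = urlsplit(url)
    # Decode and normalise the path so ../ segments, %-encoding, mixed case and
    # trailing PATH_INFO (/admin_view_image.php/x) still match the script.
    path = posixpath.normpath(unquote(parts.path)).lower()
    if SCRIPT not in path.split("/"):
        return True, "not the affected script"
    # parse_qsl percent-decodes names and values, so c%69d is seen as cid.
    pairs = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.split("[")[0] == PARAM]
    if not pairs:
        return True, "no cid parameter"
    if len(pairs) > 1:
        return False, "cid supplied more than once"
    name, value = pairs[0]
    if name != PARAM:
        return False, "array-style cid"
    # fullmatch rejects quotes, spaces, comments and trailing newlines alike.
    if not CID_RE.fullmatch(value):
        return False, "cid is not a plain integer"
    return True, "cid is a plain integer"

# Constructed sample requests, not taken from the advisory.
SAMPLES = [
    "/admin_view_image.php?cid=12",
    "/admin_view_image.php?cid=12%27",
    "/gallery/../ADMIN_view_image.php?c%69d=1%20OR%201=1",
    "/admin_view_image.php?cid=1&cid=2",
    "/index.php?cid=abc",
]

if __name__ == "__main__":
    for url in SAMPLES:
        allowed, reason = check_request(url)
        print("ALLOW" if allowed else "BLOCK", reason, url)
```

An allowlist on the expected value shape is used here instead of a list of "malicious" character sequences, because a blocklist has to anticipate every encoding of every sequence while the allowlist only has to describe valid input.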