From: joseph.giron13_(at)_gmail.com <joseph.giron13_(at)_gmail.com>
Date: 14 August 2007
Subject: JobLister3 SQL injection vulnerabilities


JobLister3 by SkilMatch Staffing Systems, Inc.
Multiple SQL injection vulnerabilities

http://www.dubdubdub.com/

http://www.skilmatch.com/

The search form field doesn't strip special characters that have special
meanings. A single quote makes the application spit out a number of
errors.

This is not limited to the search query. The GET'd variables also fail to
sanitize characters.

Union selection:
www.example.com/index.php?mode=showbyID&jobid=99786'%20union%20all%20select%20something%20from%20something/*

Dump of entries:
www.example.com/index.php?mode=showbyID&jobid=99786'%20or%201=1/*

Using some old fashioned order by work, we deduce 16 columns:
www.example.com/index.php?mode=showbyID&jobid=99786'%20order%20by%2016/*

Thus, the fix currently would be to implement addslashes functions to
all areas that receive (or can receive) user supplied data.
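The pattern the advisory describes (a GET parameter spliced straight into the query) next to a hardened handler, as an added illustration that is not JobLister3's code; the table and column names (jobs, job_id, title) and the function names are assumed, and the data is constructed in an in-memory SQLite database so it runs stand-alone:

```php
<?php
// Added example, not code from JobLister3. A hypothetical "showbyID" handler
// written first the way the advisory describes, then hardened. Table and
// column names (jobs, job_id, title) are assumed for the demo.

// Vulnerable pattern: jobid is concatenated into the SQL text unvalidated,
// so a quote followed by SQL keywords or a comment opener changes the
// statement instead of being treated as data.
function showByIdVulnerable(PDO $db, array $get): array
{
    $sql = "SELECT job_id, title FROM jobs WHERE job_id = '" . $get['jobid'] . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: enforce the expected type (job IDs are integers) and bind
// the value as a parameter so the database never parses it as SQL syntax.
// This is stronger than addslashes(), which only escapes quotes and offers no
// protection when the value lands in a numeric (unquoted) context.
function showByIdSafe(PDO $db, array $get): array
{
    $jobid = filter_var($get['jobid'] ?? null, FILTER_VALIDATE_INT);
    if ($jobid === false || $jobid < 1) {
        http_response_code(400); // reject malformed input instead of querying
        return [];
    }
    $stmt = $db->prepare('SELECT job_id, title FROM jobs WHERE job_id = :id');
    $stmt->bindValue(':id', $jobid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (job_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO jobs VALUES (99786, 'Sample job'), (99787, 'Other job')");

// The advisory's "dump of entries" input: the vulnerable handler returns every
// row, the hardened one rejects the value before any query is run.
$input = ['jobid' => "99786' or 1=1/*"];
echo "vulnerable handler: " . count(showByIdVulnerable($db, $input)) . " rows\n";
echo "hardened handler:   " . count(showByIdSafe($db, $input)) . " rows\n";
// A well-formed ID still works through the hardened handler.
echo "hardened, valid id: " . count(showByIdSafe($db, ['jobid' => '99786'])) . " row\n";
```

Run with the PDO SQLite extension enabled; the same prepared-statement form applies to the search field the advisory mentions, with the input bound as a string parameter rather than validated as an integer.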

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod