Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25193
HistoryNov 28, 2010 - 12:00 a.m.

[eVuln.com] SQL injections in FreeTicket

2010-11-2800:00:00
vulners.com
40

Subject: [eVuln.com] SQL injections in FreeTicket

New eVuln Advisory:
SQL injections in FreeTicket
Summary: http://evuln.com/vulns/146/summary.html
Details: http://evuln.com/vulns/146/description.html

-----------Summary-----------
eVuln ID: EV0146
Software: FreeTicket
Vendor: Mrcgiguy
Version: 1.0.0
Critical Level: medium
Type: SQL injection
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------

  1. 'id' SQL injection
    Vulnerability found in contact.php script.
    User-defined variable id is not properly sanitized before being used in SQL query.
    This can be used to execute arbitrary SQL query.

  2. 'email' SQL injection
    Vulnerable script is contact.php script.
    'email' parameter is not properly sanitized before being used in SQL query.
    --------PoC/Exploit--------
    PoC code is available at:
    http://evuln.com/vulns/146/exploit.html
    ---------Solution----------
    Not available
    ----------Credit-----------
    Vulnerability discovered by Aliaksandr Hartsuyeu
    http://evuln.com/xss/bbcode.html - recent XSS in bbcode