Patch for Yogurt writemessage.php original Parameter SQL Injection
Page 1 of 1
Patch for Yogurt writemessage.php original Parameter SQL Injection
###################################
Patch for Yogurt writemessage.php
original Parameter SQL Injection
vendor url:http://sourceforge.net/tracker/?group_id=112452
####################################
This is a manual fix for the last discovered sql
injection vulnerability in yogurt social network
#########################
vulnerability references:
#########################
http://osvdb.org/show/osvdb/55098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2034
http://www.milw0rm.com/exploits/8932
####################
SQL injection PoC
####################
http://localhost/yogurt/system/writemessage.php?original=
-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,
6,7,8+from+users--
###############
Specific vendor
###############
http://sourceforge.net/tracker/?func=detail&aid=
2813318&group_id=112452&atid=663715
###########
MANUAL FIX
###########
open writemessage.php and look this code =>
Line 79: if (isset($_GET['original']))
Line 81: $rs = mysql_query("SELECT * FROM messages WHERE id=" .
$_GET['original'], $db)
###############
change
################
Line 81: $rs = mysql_query("SELECT * FROM messages WHERE id=" .
intval($_GET['original']), $db)
####################€nd ########################
Patch for Yogurt writemessage.php
original Parameter SQL Injection
vendor url:http://sourceforge.net/tracker/?group_id=112452
####################################
This is a manual fix for the last discovered sql
injection vulnerability in yogurt social network
#########################
vulnerability references:
#########################
http://osvdb.org/show/osvdb/55098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2034
http://www.milw0rm.com/exploits/8932
####################
SQL injection PoC
####################
http://localhost/yogurt/system/writemessage.php?original=
-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,
6,7,8+from+users--
###############
Specific vendor
###############
http://sourceforge.net/tracker/?func=detail&aid=
2813318&group_id=112452&atid=663715
###########
MANUAL FIX
###########
open writemessage.php and look this code =>
Line 79: if (isset($_GET['original']))
Line 81: $rs = mysql_query("SELECT * FROM messages WHERE id=" .
$_GET['original'], $db)
###############
change
################
Line 81: $rs = mysql_query("SELECT * FROM messages WHERE id=" .
intval($_GET['original']), $db)
####################€nd ########################
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Yogurt Social Network fans.php uid variable XSS
» Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications
» Is your Nokia Cell Phone Original
» Code execution through SQL Injection
» SQL Injection and XSS vulnerability in coWiki
» Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications
» Is your Nokia Cell Phone Original
» Code execution through SQL Injection
» SQL Injection and XSS vulnerability in coWiki
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum