Short Name |
HTTP:PHP:PHPNEWS:SQL-SENDTO |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
PHPNews sendtofriend.php SQL Injection |
Release Date |
2005/01/27 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects SQL Injection in PHPNews. The PHPNews "sendtofriend" function does not properly sanitize user inputs. An attacker can retrieve any user credentials by submitting a user number to sendtofriend.php.
It is reported that PHPNews is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to utilizing it in an SQL query. An attacker can exploit this issue to manipulate and inject SQL queries into the underlying database. It may be possible to leverage this issue to steal database contents including user credentials as well as to attack the underlying database. Version 1.2.3 is reported susceptible to this vulnerability. Other versions may also be affected.