Computer Security
[EN] securityvulns.ru

From:r0t <krustevs_(at)_googlemail.com>
Date:28.11.2005
Subject:Zainu 2.x SQL inj. vuln.

Zainu 2.x SQL inj. vuln.
Vuln. discovered by: r0t
Date: 28 nov. 2005
Original advisory: http://pridels.blogspot.com/2005/11/zainu-2x-sql-inj-vuln.html
Vendor: http://www.zainu.com
Affected version: 2.x and prior


Product Description:

Zainu lets you create and maintain a professional music videos website,
simply the best software for excellent websites! It uses a database to
store videos and songs. Zainu can add/remove songs to a playlist, mail a
song, search by artist/albums/songs, offer a download option for songs,
add/approve/delete lyrics, rate songs and albums, view songs' times
played, buy a song or buy an album; multiple songs can be added at once
from the admin control panel! It supports all audio formats
(ram/rpm/rm/wav/mp3/wma/asf...). You and your users can create unlimited
playlists and save your favorite songs to any of your created playlists.
You can show top songs, top albums, top artists, top genres, top songs
by genres, members' playlists, view 5 new searches, play selected, play
all, playlist creator, embedded player with songs/album/artist
information with album/artist covers! Your users can upload multiple
songs, artist/albums gallery! Completely automatic update music videos
system. New version features Shopping Cart, Artist/Album Gallery!


Vuln. description:
Input passed to the "term" and "start" parameters isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.



example:
/index.php?in=song&term=[SQL]&action=search&start=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
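The advisory gives no source, so the following is an added illustration (not Zainu's code) of the flaw class described above and of the fix the solution calls for: a search function that pastes "term" and "start" into the query string, beside a hardened version that binds the values and validates the numeric offset. The table name and columns are assumed, and the sample rows are constructed.

```python
import sqlite3

# Constructed stand-in for the application's song table (schema assumed).
SAMPLE_SONGS = [("Blue Monday", "New Order"), ("Blue Train", "John Coltrane"),
                ("Mr. Blue Sky", "ELO"), ("Paranoid", "Black Sabbath")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE songs (id INTEGER PRIMARY KEY, title TEXT, artist TEXT)")
    conn.executemany("INSERT INTO songs (title, artist) VALUES (?, ?)", SAMPLE_SONGS)
    return conn


def search_unsafe(conn, term, start):
    # The pattern the advisory describes: request parameters dropped straight
    # into the SQL text, so both the string and the "numeric" offset are
    # interpreted by the database as SQL rather than as data.
    sql = ("SELECT title FROM songs WHERE title LIKE '%" + term + "%' "
           "ORDER BY id LIMIT 10 OFFSET " + start)
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term, start):
    # Hardened form: the offset must be a plain non-negative integer, and both
    # values are passed as bound parameters. LIKE wildcards in the search term
    # are escaped so the user controls only the literal text being matched.
    if not start.isdigit():
        raise ValueError("start must be a non-negative integer")
    pattern = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT title FROM songs WHERE title LIKE ? ESCAPE '\\' "
           "ORDER BY id LIMIT 10 OFFSET ?")
    return [row[0] for row in conn.execute(sql, ("%" + pattern + "%", int(start)))]
```

With the unsafe function a term such as `%' OR 1=1 --` returns every row and a start of `0 OR 1` is evaluated as an expression; the safe function treats the first as a literal string (no match) and rejects the second.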

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod