Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11301
HistoryFeb 05, 2006 - 12:00 a.m.

[KAPDA::#26] - MyTopix Sql Injection & Path Disclosure

2006-02-0500:00:00
vulners.com
27
JSON

KAPDA New advisory

Vendor: http://www.jaia-interactive.com
Vulnerable: Version: 1.2.3
Bug: Sql Injection & Path Disclosure
Exploitation: Remote with browser

Description:

MyTopix is a PHP-based message board system that uses
a MySQL database.

Vulnerability:

-Sql Injection :
The software does not properly validate user-supplied
input in 'search.php'. A remote user can create
specially crafted parameter values that will execute
SQL commands on the underlying database.

HTTP Method: GET
http://example.com/mytopix/index.php?a=search&CODE=02&mid=[SQL]

HTTP Method: POST
method="post"
action="http://example.com/mytopix/index.php?a=search&CODE=01"
name="keywords" value="kapda') AS topics_score FROM
my_posts p LEFT JOIN my_topics t ON t.topics_id =
p.posts_topic/*"

-Path Disclosure:
There is no restriction to access the includes files
directly.A remote user can supply a specially crafted
URL to cause the system to display an error message
that discloses the installation path.
http://example.com/mytopix/modules/logon.mod.php

Solution:

There is no vendor supplied patch for this issue at
this time.

Original Advisories:

http://kapda.ir/advisory-249.html
IN Farsi:
http://irannetjob.com/content/view/195/28/

Credit :

Discovered & released by trueend5 (trueend5 kapda ir)
Security Science Researchers Institute Of Iran
[http://www.KAPDA.ir]

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

JSON