Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Barracuda vuln.

TextFileBB 1.0.16 Multiple XSS

TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability

XSS Attack On DirectAdmin Hosting Managment

From:	r0t <krustevs_(at)_googlemail.com>
Date:	30.04.2006
Subject:	MaxTrade sql inj.

MaxTrade sql inj.

###############################################
Vuln. discovered by : r0t
Date: 30 april 2006
vendorlink:http://avalonbg.com/en_soft.html
affected versions:1.0.1 and prior
orginal advisory:http://pridels.blogspot.com/2006/04/maxtrade-sql-inj.html
###############################################

Vuln. Description:

MaxTrade contains a flaw that allows a remote sql injection
attacks.Inputpassed to the "categori" and "stranica" parameter in "
pocategories.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL
code.


examples:

/pocategories.php?stranica=categories&categori=[SQL]
/pocategories.php?stranica=[SQL]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/