Security Advisory: Barracuda vuln. - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  TextFileBB 1.0.16 Multiple XSS
  TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability
  XSS Attack On DirectAdmin Hosting Managment
  W-Agora 4.20 XSS

From: r0t <krustevs_(at)_googlemail.com>
Date: 30.04.2006
Subject: Barracuda vuln.

Barracuda vuln.

###############################################
Vuln. discovered by : r0t
Date: 30 april 2006
vendor:www.boonex.com/products/barracuda/
affected versions:1.1 and prior
orginal advisory:http://pridels.blogspot.com/2006/04/barracuda-vuln.html
###############################################

Vuln. Description:

Barracuda Directory contains a flaw that allows a remote sql injection
attacks.Input passed to the "link_dir_target" and "link_id_target" parameter
in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL
code.

examples:

/index.php?sid=[user_hash]&location=link_edit
&link_dir_target=[SQL]

/index.php?sid=[user_hash]&location=link_edit
&link_dir_target=1&link_id_target=[SQL]

+ Bonnus:

/index.php?location=[localfile]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/