Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25251
HistoryDec 08, 2010 - 12:00 a.m.

[www.eVuln.com] SQL Injection vulnerability in Alguest

2010-12-0800:00:00
vulners.com
24
JSON

New eVuln Advisory:
SQL Injection vulnerability in Alguest
Summary: http://evuln.com/vulns/154/summary.html
Details: http://evuln.com/vulns/154/description.html

-----------Summary-----------
eVuln ID: EV0154
Software: Alguest
Vendor: n/a
Version: 1.1c-patched
Critical Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
It is possible to inject arbitrary SQL query using "start" parameter in index.php script.
Parameter "start" is used in SQL query without any sanitation.
--------PoC/Exploit--------
PoC code is available at:
http://evuln.com/vulns/154/exploit.html
---------Solution----------
Not available
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/tool/web-security.html - HTTP query generator

JSON