Saturday, December 14, 2024

SQL Injection Vulnerability

Share

A vulnerability was discovered in the ADOdb and can be exploited by hackers doing SQL injection attacks. The vulnerability only works on the PostgreSQL users. Andy Staudacher discovered the vulnerability and Secunia reported the issue as moderately critical on Tuesday.

The vulnerability itself showed up in previous version prior to the current 4.71 so the appropriate patchwork should be applied to all the previous version. The original release notes were posted at Sourceforge.net:

Recommended that all postgresql users upgrade to this version.
Fixes important postgresql security issues problems related
to binary strings. Thx to Andy Staudacher.

Also several DSN bugs fixed, including one introduced in 4.70
that corrupts underscores in the DSN, and in PHP5 DSN’s did
not work. Added support for PDO DSN connections.

And the changes include:

DSN bugs found:

1. Fix bugs in DSN connections introduced in 4.70 when
underscores are found in the DSN.

2. DSN with _ did not work properly in PHP5 (fine in PHP4). Fixed.

3. Added support for PDO DSN connections in
NewADOConnection(), and database parameter in PDO::Connect().

Other bugs:

The oci8 datetime flag not correctly implemented in ADORecordSet_array. Fixed.

Added BlobDelete() to postgres, as a counterpoint to UpdateBlobFile().

Fixed GetInsertSQL() to support oci8po.

Fixed qstr() issue with postgresql with \0 in strings.

Fixed some datadict driver loading issues in _adodb_getdriver().

Added register shutdown function session_write_close in adodb-session.inc.php for PHP 5 compat.

All this is in addition to other SQL injection vulnerabilities. On Monday, an injection vulnerability was found in Zoph. This one was rated as moderately critical and a vendor patch corrected the problem. This was also an injection vulnerability.

Secunia also discovered another SQL injection vulnerability in e-moBLOG. To exploit this, hackers must disable the “magic_quotes_gpc.” While the vulnerability was confirmed in the 1.3 version, other versions could be affect also.

Input passed to the “monthy” parameter in index.php and the “login” parameter in admin/index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

All these vulnerabilities showing up fairly close together suggests a little more editing might need to be done on these products. While they aren’t all exactly the same, SQL was the key to each and all were injection vulnerabilities. In any event, make sure updates are maintained and this will help eliminate problems.

Email the author document.write(“Email the author here.”)

Add to document.write(“Del.icio.us”) | DiggThis | Yahoo My Web

John Stith is a staff writer for Murdok covering technology and business.

Table of contents

Read more

Local News