phpCheckZ 1.1.0 - Blind SQL Injection

EDB-ID:

15284




Platform:

PHP

Date:

2010-10-19


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

phpCheckZ 1.1.0 Blind SQL Injection Vulnerability

 Name              phpCheckZ
 Vendor            http://www.phpcheckz.com
 Versions Affected 1.1.0

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-10-19

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 

I. ABOUT THE APPLICATION
________________________

phpCheckZ is a web application that allows you to  easily
create checklists for your website. 


II. DESCRIPTION
_______________

A parameter is not properly sanitised  before  being used
in a SQL query.


III. ANALYSIS
_____________

Summary:

 A) Blind SQL Injection
 

A) Blind SQL Injection
______________________

The parameters id in chart.php is  not properly sanitised
before being used in a SQL  query. This  can be exploited
to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation  requires that "magic_quotes_gpc"
is disabled. 


IV. SAMPLE CODE
_______________

A) Blind SQL Injection

http://site/path/chart.php?id=1' AND '1'='1
http://site/path/chart.php?id=1' AND '1'='0


V. FIX
______

No fix.