Bug 129876

Summary:	www-apps/phpwebsite : <= 0.10.? (topics.php) Remote SQL Injection Exploit
Product:	Gentoo Security	Reporter:	Eduardo Tongson <propolice>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	minor	CC:	web-apps
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.securityfocus.com/archive/1/430884/30/0/
Whiteboard:	B3 [upstream] ed
Package list:		Runtime testing required:	---

Description Eduardo Tongson 2006-04-13 15:57:45 UTC

"""snip"""
---------------------------------------------------------------------------
phpWebSite <= 0.10.? (topics.php) Remote SQL Injection Exploit
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author    : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/1525
Remote  :  Yes
Local     :  No
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : phpWebSite
version     : 0.10.?
URL         : http://phpwebsite.appstate.edu/
...
------------------------------------------------------------------
"""snip"""

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2006-04-22 03:26:38 UTC

ed: Any clue on a fixed version ? or patch ?

Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-04-23 02:18:18 UTC

> Exploit:
> ~~~~~~~~
> # http://example.com/path/topics.php?op=viewtopic&topic=-1 Union select name,name,pass,name From users where uid=1


This seems incorrect. There's no "topics.php" in our phpwebsite-0.10.2_rc2

'0.10.0-full was the last release to ship with a
topics.php file. The file was part of "convert".' [1]


[1] http://www.securityfocus.com/archive/1/431025/30/0/threaded

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2006-04-28 12:15:09 UTC

Closing as INVALID, feel free to reopen if you have any evidence we are indeed affected.