
List:       bugtraq
Subject:    SQL Injection Vulnerability in bfExplorer 0.0.6
From:       security () armorize ! com
Date:       2006-10-31 2:41:07
Message-ID: 20061031024107.9915.qmail () securityfocus ! com

Armorize Technologies Security Advisory

Advisory No:
Armorize-ADV-2006-0007

Status:
Partial

Date:
2006/10/31

Summary:
Armorize-ADV-2006-0007 discloses a SQL injection vulnerability found in bfExplorer (BytesFall Explorer, http://sourceforge.net/projects/bfexplorer), a web-based file manager written in PHP and JavaScript and licensed under the GNU GPL.

Affected Software:
bfExplorer 0.0.6

Vulnerability Description:
SQL Injection

Analysis/Impact:
Unexpected SQL statements may lead to the disclosure of sensitive information and a security breach on the host server.

Detection/Exploit (partial):
bfExplorer-0.0.6/libs/sessions.lib.php

Protection/Solution:
1. Escape every questionable query.
2. Utilize prepared statements to create secure database queries.
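The two recommendations above, side by side with the pattern they replace, as an added example. This is not bfExplorer code: the `sessions` table, its columns and the session ids are constructed for the demonstration, and the lookup functions are hypothetical stand-ins for whatever query sessions.lib.php builds. It runs against an in-memory SQLite database through PDO, so it needs only the pdo_sqlite extension.

```php
<?php
// Added example (not bfExplorer code). Constructed "sessions" table in an
// in-memory SQLite database; schema and data are assumptions for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, user TEXT, expires INTEGER)');
$db->exec("INSERT INTO sessions VALUES ('a1b2c3', 'alice', 2000000000)");
$db->exec("INSERT INTO sessions VALUES ('d4e5f6', 'bob',   2000000000)");

// The pattern behind a SQL injection: the session id taken from the request
// (cookie or GET parameter) is concatenated straight into the SQL text, so
// the quote characters it contains become part of the query's structure.
function lookupSessionUnsafe(PDO $db, string $sid): array
{
    $sql = "SELECT user FROM sessions WHERE id = '" . $sid . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Solution 2: a prepared statement. The SQL text is fixed; the value is bound
// separately and can never change the statement's structure.
function lookupSessionSafe(PDO $db, string $sid): array
{
    $stmt = $db->prepare('SELECT user FROM sessions WHERE id = :sid');
    $stmt->execute([':sid' => $sid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Solution 1: escaping, for code paths that still build SQL by hand.
// PDO::quote() applies the driver's own quoting rules; a hand-rolled
// addslashes() is not equivalent and is the kind of fix that later breaks.
function lookupSessionQuoted(PDO $db, string $sid): array
{
    $sql = 'SELECT user FROM sessions WHERE id = ' . $db->quote($sid);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one genuine session id and one value carrying a quote,
// the class of input a web-facing session lookup must survive.
$legit   = 'a1b2c3';
$tainted = "' OR '1'='1";

var_dump(lookupSessionUnsafe($db, $tainted));
var_dump(lookupSessionSafe($db, $tainted));
var_dump(lookupSessionQuoted($db, $tainted));
var_dump(lookupSessionSafe($db, $legit));
```

Run with `php example.php`. The concatenating version turns the tainted value into a WHERE clause that is true for every row, so it returns every user in the table; both the prepared-statement and the quoted versions treat the same bytes as a literal session id that matches nothing, and only the genuine id returns a user. Prepared statements are the primary fix because they remove the escaping decision from every call site; quoting is the fallback where a query cannot be parameterized, and it must be applied to every value, not only the ones that look suspicious.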

Credit: Security Team at Armorize Technologies, Inc. (security@armorize.com)

Additional Information:
Link to this Armorize advisory
http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0007

Links to all Armorize advisories
http://www.armorize.com/advisory/

Links to Armorize vulnerability database
http://www.armorize.com/resources/vulnerability.php

Armorize Technologies is delivering the world's most advanced source code analysis solution for Web application security based on its award-winning and patent-pending verification technologies. Addressing security early in the software development life cycle (SDLC), Armorize CodeSecure proactively identifies and traces vulnerabilities in Web application source code, effectively hardening websites against today's ever-growing security threats. CodeSecure's zero-false-positive accuracy, traceback support and Web 2.0-based interface make it the premium Web application security solution. For more information please visit: http://www.armorize.com.

