List: bugtraq
Subject: SQL Injection Vulnerability in bfExplorer 0.0.6
From: security@armorize.com
Date: 2006-10-31 2:41:07
Message-ID: 20061031024107.9915.qmail@securityfocus.com
Armorize Technologies Security Advisory
Advisory No:
Armorize-ADV-2006-0007
Status:
Partial
Date:
2006/10/31
Summary:
Armorize-ADV-2006-0007 discloses an SQL injection vulnerability found in bfExplorer (BytesFall Explorer, http://sourceforge.net/projects/bfexplorer), a web-based file manager written in PHP and JavaScript and licensed under the GNU GPL.
Affected Software:
bfExplorer 0.0.6
Vulnerability Description:
SQL Injection
Analysis/Impact:
Unexpected SQL statements may lead to the disclosure of sensitive information and a security breach on the host server.
Detection/Exploit (partial):
bfExplorer-0.0.6/libs/sessions.lib.php
Protection/Solution:
1. Escape every questionable query.
2. Utilize prepared statements to create secure database queries.
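The two patterns behind solution 2, as an added example that is not bfExplorer's code (the affected sessions.lib.php is not reproduced in this advisory): a session lookup that interpolates the session id into the query text, beside the same lookup as a PDO prepared statement. The `sessions` table, its columns and the function names are assumptions; the database is an in-memory SQLite instance so the script runs stand-alone.

```php
<?php
// Added example, not code from bfExplorer. Table layout and function names are assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT)');
// Constructed sample rows standing in for live sessions.
$db->exec("INSERT INTO sessions VALUES ('abc123', 'alice'), ('def456', 'bob')");

// Vulnerable pattern: the session id taken from the client is pasted into the SQL text.
// A quote character inside $sid changes the structure of the query instead of being
// matched as data, which is the class of defect this advisory reports.
function lookupSessionUnsafe(PDO $db, string $sid): ?string
{
    $sql = "SELECT username FROM sessions WHERE sid = '$sid'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Hardened pattern: the query text is fixed at prepare() time and the value travels
// separately as a bound parameter, so every character of $sid is compared literally.
function lookupSessionSafe(PDO $db, string $sid): ?string
{
    $stmt = $db->prepare('SELECT username FROM sessions WHERE sid = :sid');
    $stmt->execute([':sid' => $sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

$legit   = 'abc123';
$hostile = "x' OR '1'='1";   // constructed input carrying an embedded quote

echo "unsafe, legit  : ", var_export(lookupSessionUnsafe($db, $legit), true), PHP_EOL;
echo "safe,   legit  : ", var_export(lookupSessionSafe($db, $legit), true), PHP_EOL;
// With the hostile value the unsafe function's WHERE clause no longer tests the session id,
// while the safe function simply finds no session named "x' OR '1'='1".
echo "unsafe, hostile: ", var_export(lookupSessionUnsafe($db, $hostile), true), PHP_EOL;
echo "safe,   hostile: ", var_export(lookupSessionSafe($db, $hostile), true), PHP_EOL;
```

Solution 1 (escaping) is what the unsafe function would need on every interpolated value; the prepared statement removes the need to remember it at each call site.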
Credit: Security Team at Armorize Technologies, Inc. (security@armorize.com)
Additional Information:
Link to this Armorize advisory
http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0007
Links to all Armorize advisories
http://www.armorize.com/advisory/
Links to Armorize vulnerability database
http://www.armorize.com/resources/vulnerability.php
Armorize Technologies is delivering the world's most advanced source code analysis solution for Web application security based on its award-winning and patent-pending verification technologies. Addressing security early in the software development life cycle (SDLC), Armorize CodeSecure proactively identifies and traces vulnerabilities in Web application source code, effectively hardening websites against today's ever growing security threats. CodeSecure's zero-false-positive accuracy, traceback support and Web 2.0-based interface make it the premium Web application security solution. For more information please visit: http://www.armorize.com.