Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection

From: ddivulnalert <ddivulnalert () ddifrontline com>
Date: Wed, 7 Dec 2011 10:51:50 -0600
Title
-----
DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection

Severity
--------
High

Date Discovered
---------------
November 18, 2011

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@b13$

Vulnerability Description
-------------------------
The KnowledgeTree login.php login page is vulnerable to a blind SQL
injection vulnerability within the username field.  An attacker can
leverage this flaw to execute arbitrary SQL commands and extract
sensitive information from the backend database using standard blind
SQL exploitation techniques.  Additionally, an attacker may be able to
leverage this flaw to compromise the database server host OS.

Solution Description
--------------------
KnowledgeTree has released a patch which addresses the issue. The new
source is available at:
http://wiki.knowledgetree.org/Security_advisory:_KnowledgeTree_login.php_Blind_SQL_Injection

Tested Systems / Software
-------------------------
KnowledgeTree Version 3.7.0.2 (community edition)

Vendor Contact
--------------
Vendor Name: KnowledgeTree, Inc.
Vendor Website: http://www.knowledgetree.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: