CVE-2010-1336
Description
Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
INVOhost - SQL Injection
##########################[Andrés Gómez]##########################
# Exploit Title : INVOhost SQL Injection
# Date : 2010-04-24
# Author : Andrés Gómez
# Software Link : http://www.invohost.com/
# Contact : gomezandres@adinet.com.uy
# Dork : "Powered by INVOhost"
########################################################################
# An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the
# integrity of your database and/or expose sensitive information.
########################################################################
# Example 1: http://server/site.php?id=%27
# Example 2: http://server/site.php?newlanguage=%00'
# Other vulnerable files: faq.php & manuals.php
########################################################################
# Malicious users may inject SQL queries into a vulnerable
# application to fool a user in order to gather data from them or see sensitive information.
########################################################################
# Solution:
# $_GET = preg_replace("|([^\w\s\'])|i",'',$_GET);
# $_POST = preg_replace("|([^\w\s\'])|i",'',$_POST);
# Add them to your template index.php after the first <?php declaration.
########################################################################
# Special Thanks : HYPERNETHOST & Security-Pentest
##########################[Andrés Gómez]#################################
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| invohost | invohost | 3.4 | |
References
- http://osvdb.org/63157
- http://osvdb.org/63158
- http://secunia.com/advisories/39095
- http://www.exploit-db.com/exploits/11874
- http://www.securityfocus.com/bid/38962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57162
CWEs
CWE-89