Vulnerability Note VU#183692

PHP Address Book sqli vulnerability

Original Release date: 05 Apr 2013 | Last revised: 05 Apr 2013

Overview

PHP Address Book web application is vulnerable to multiple sqli injection vulnerabilities.

Description

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

PHP Address Book 8.2.5 and possibly older versions fail to sanitize input from multiple functions.
http://www.example.com/addressbook/register/checklogin.php?username={insert}&password=pass
http://www.example.com/addressbook/register/admin_index.php?q={insert}
http://www.example.com/addressbook/register/delete_user.php?id={insert}
http://www.example.com/addressbook/register/edit_user.php?id={insert}

Additional information on vulnerable functions can be found at Acadion Security advisory.

Impact

A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.

Solution

We are currently unaware of a practical solution to this problem.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent SQLi attacks since the attack comes as an SQL request from a legitimate user's host. Restricting access would prevent an attacker from accessing a web interface using stolen credentials from a blocked network location.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
PHP Address BookAffected-03 Apr 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 9.0 AV:N/AC:L/Au:N/C:C/I:P/A:P
Temporal 6.5 E:U/RL:W/RC:UC
Environmental 1.7 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Jurgen Voorneveld of Acadion Security for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2013-0135
  • Date Public: 05 Apr 2013
  • Date First Published: 05 Apr 2013
  • Date Last Updated: 05 Apr 2013
  • Document Revision: 15

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.