All In One Control Panel (AIOCP) "xuser_name" and "did" Parameter Handling Remote SQL Injection Vulnerabilities

 

Release Date: 15/01/2007
Severity: Moderately Critical
SecWatch Advisory: SWID1016729
Cause: Input validation error
Solution Status: Unpatched
Impact: SQL Injection
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: All In One Control Panel 1.x
 
References: FrSIRT/ADV-2007-0190
CVE: CVE-2007-0316
Secunia: SA23740

 

Description:

Multiple input validation vulnerabilities in All In One Control Panel (AIOCP) have been reported, which can be exploited by remote users to conduct SQL injection attacks.

1) User-supplied input passed to the "xuser_name" parameter when logging in is not properly sanitised before being used in a SQL query within shared/code/cp_authorization.php. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.

Successful exploitation allows access to the administration section but requires that "magic_quotes_gpc" is disabled.

2) User-supplied input passed to the "did" parameter in public/code/cp_downloads.php is not properly sanitised before being used in a SQL query within shared/code/cp_functions_downloads.php. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.

Successful exploitation requires that "magic_quotes_gpc" is disabled.
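The following PHP is an added illustration of both defects described above and is not code from AIOCP or from the original advisory. It assumes a "users" table with "user_id" and "user_name" columns and a "downloads" table with "did" and "filename" columns (all assumed names), and uses an in-memory SQLite database so it runs stand-alone. It contrasts a query built by splicing the parameter into the SQL text, which is the pattern that depends on "magic_quotes_gpc" for any protection, with a bound-parameter query, which does not.

```php
<?php
// Added example, not AIOCP's code. Table/column names are assumptions.

// Hypothetical vulnerable pattern: the "xuser_name" value is spliced into the
// SQL text. With magic_quotes_gpc disabled, a quote character in $xuserName
// becomes part of the SQL grammar instead of part of the compared string.
function vulnerableLookupUser(PDO $db, string $xuserName): ?array
{
    $sql = "SELECT user_id, user_name FROM users WHERE user_name = '$xuserName'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: the value is sent as a bound parameter and is never parsed
// as SQL, so the PHP runtime's quoting settings (magic_quotes) are irrelevant.
function safeLookupUser(PDO $db, string $xuserName): ?array
{
    $stmt = $db->prepare('SELECT user_id, user_name FROM users WHERE user_name = :name');
    $stmt->bindValue(':name', $xuserName, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// "did" is a numeric identifier: refuse anything that is not a plain run of
// digits before it reaches the database, then bind it as an integer.
function safeDownloadById(PDO $db, string $did): ?array
{
    if (!ctype_digit($did)) {
        return null; // not a download id at all; the caller should log and refuse
    }
    $stmt = $db->prepare('SELECT did, filename FROM downloads WHERE did = :did');
    $stmt->bindValue(':did', (int) $did, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed fixture so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT)');
$db->exec('CREATE TABLE downloads (did INTEGER PRIMARY KEY, filename TEXT)');
$db->exec("INSERT INTO users (user_name) VALUES ('admin'), ('alice')");
$db->exec("INSERT INTO downloads (filename) VALUES ('manual.pdf')");

// A legitimate name containing a quote. The interpolated query is broken by
// it (a syntax error here; a deliberately shaped value would instead change
// the WHERE clause), while the bound query simply finds no such user.
$name = "o'neil";
try {
    vulnerableLookupUser($db, $name);
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo "interpolated query failed: the quote altered the SQL\n";
}
var_dump(safeLookupUser($db, $name));    // NULL: no user with that name
var_dump(safeLookupUser($db, 'admin'));  // array for user "admin"
var_dump(safeDownloadById($db, '1'));    // array with filename "manual.pdf"
var_dump(safeDownloadById($db, 'x1'));   // NULL: rejected before any query
```

The point of the contrast is that "magic_quotes_gpc" only escapes quotes on the way in and is not a substitute for parameterised queries; code that depends on it is exactly the code this advisory describes, and the same defect reappears as soon as the setting is off or the value reaches the query by another route.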

 

Affected:

All In One Control Panel version 1.3.009 is affected; the issues have also been confirmed in version 1.3.010. Other versions may also be affected.

 

Solution:

There was no vendor-supplied solution at the time of entry.

Edit the source code manually to ensure that user-supplied input is correctly sanitised before it is used in SQL queries.

 

Credits:

Coloss
