PT-2011-14: SQL injection vulnerability in BoonEx Dolphin
Vulnerable software
BoonEx Dolphin
Version 6.1
Application link:
http://www.boonex.com
Severity level
Severity level: High
Impact: Multiple
Access Vector: Network exploitable
CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE: not assigned
Software description
Online dating software, open-source community platform, social networking script, niche social site engine.
Vulnerability description
Positive Research Center has discovered an SQL injection vulnerability in Dolphin 6.1. Application incorrectly validates input data. That allows attackers to conduct SQL injection attack.
"SQL Injection" is a way to bypass network protection and attack the database. Settings transferred to the database through web applications are specially crafted to modify executable SQL query, for example, an attacker could execute additional query with the first one by adding different symbols to a setting.
An attacker can access data which is normally unavailable or obtain system configuration data and use it for further attacks.
Vulnerability exists in xml/get_list.php script.
Example:
http://target/xml/get_list.php?dataType=ApplyChanges&iNumb=1&iIDcat=(select 1 from AdminMenu where 1=1 group by concat((select password from Admins),rand(0)|0) having min(0) )
How to fix
Positive Technologies experts recommend to filter user input data
Advisory status
29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
14.09.2011 - Public disclosure
Credits
The vulnerability was detected by Yuri Goltsev, Positive Research Center (Positive Technologies Company)
References
http://en.securitylab.ru/lab/PT-2011-14
Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/advisory1.aspx
http://en.securitylab.ru/lab/