PT-2011-14: SQL injection vulnerability in BoonEx Dolphin

Vulnerable software

BoonEx Dolphin
Version 6.1

Application link:
http://www.boonex.com

Severity level

Severity level: High
Impact: Multiple
Access Vector: Network exploitable

CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE: not assigned

Software description

Online dating software, open-source community platform, social networking script, niche social site engine.

Vulnerability description

Positive Research Center has discovered an SQL injection vulnerability in Dolphin 6.1. Application incorrectly validates input data. That allows attackers to conduct SQL injection attack.

"SQL Injection" is a way to bypass network protection and attack the database. Settings transferred to the database through web applications are specially crafted to modify executable SQL query, for example, an attacker could execute additional query with the first one by adding different symbols to a setting.
An attacker can access data which is normally unavailable or obtain system configuration data and use it for further attacks.

Vulnerability exists in xml/get_list.php script.

Example:

http://target/xml/get_list.php?dataType=ApplyChanges&iNumb=1&iIDcat=(select 1 from AdminMenu where 1=1 group by concat((select password from Admins),rand(0)|0) having min(0) )

How to fix

Positive Technologies experts recommend to filter user input data

Advisory status

29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
14.09.2011 - Public disclosure

Credits

The vulnerability was detected by Yuri Goltsev, Positive Research Center (Positive Technologies Company)

References

http://en.securitylab.ru/lab/PT-2011-14

Reports on the vulnerabilities previously discovered by Positive Research:

http://www.ptsecurity.com/advisory1.aspx
http://en.securitylab.ru/lab/

Threatscape