PT-2011-14: SQL injection vulnerability in BoonEx Dolphin
Severity level: High
Access Vector: Network exploitable
Base Score: 7.5
CVE: not assigned
Online dating software, open-source community platform, social networking script, niche social site engine.
Positive Research Center has discovered an SQL injection vulnerability in Dolphin 6.1. Application incorrectly validates input data. That allows attackers to conduct SQL injection attack.
"SQL Injection" is a way to bypass network protection and attack the database. Settings transferred to the database through web applications are specially crafted to modify executable SQL query, for example, an attacker could execute additional query with the first one by adding different symbols to a setting.
An attacker can access data which is normally unavailable or obtain system configuration data and use it for further attacks.
Vulnerability exists in xml/get_list.php script.
http://target/xml/get_list.php?dataType=ApplyChanges&iNumb=1&iIDcat=(select 1 from AdminMenu where 1=1 group by concat((select password from Admins),rand(0)|0) having min(0) )
How to fix
Positive Technologies experts recommend to filter user input data
29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
14.09.2011 - Public disclosure
The vulnerability was detected by Yuri Goltsev, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: