PT-2011-14: SQL injection vulnerability in BoonEx Dolphin Vulnerable softwareBoonEx Dolphin Version 6.1Application link: http://www.boonex.com Severity levelSeverity level: High Impact: Multiple Access Vector: Network exploitable CVSS v2: Base Score: 7.5 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)CVE: not assignedSoftware descriptionOnline dating software, open-source community platform, social networking script, niche social site engine.Vulnerability descriptionPositive Research Center has discovered an SQL injection vulnerability in Dolphin 6.1. Application incorrectly validates input data. That allows attackers to conduct SQL injection attack."SQL Injection" is a way to bypass network protection and attack the database. Settings transferred to the database through web applications are specially crafted to modify executable SQL query, for example, an attacker could execute additional query with the first one by adding different symbols to a setting. An attacker can access data which is normally unavailable or obtain system configuration data and use it for further attacks.Vulnerability exists in xml/get_list.php script.Example:http://target/xml/get_list.php?dataType=ApplyChanges&iNumb=1&iIDcat=(select 1 from AdminMenu where 1=1 group by concat((select password from Admins),rand(0)|0) having min(0) ) How to fixPositive Technologies experts recommend to filter user input dataAdvisory status29.06.2011 - Vendor is notified 01.07.2011 - Vendor gets vulnerability details 23.08.2011 - Vulnerability details were sent to CERT 14.09.2011 - Public disclosureCreditsThe vulnerability was detected by Yuri Goltsev, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2011-14Reports on the vulnerabilities previously discovered by Positive Research:http://www.ptsecurity.com/advisory1.aspx http://en.securitylab.ru/lab/