what you don't know can hurt you

BoonEx Dolphin 6.1 SQL Injection

BoonEx Dolphin 6.1 SQL Injection
Posted Oct 18, 2011
Authored by Yuri Goltsev | Site ptsecurity.com

Positive Research Center has discovered an SQL injection vulnerability in Dolphin version 6.1 due to a lack of input validation.

tags | advisory, sql injection
MD5 | 636687f3905f70ccf405816629109c6d

BoonEx Dolphin 6.1 SQL Injection

Change Mirror Download
----------------------------------------------------------------------

(PT-2011-14) Positive Technologies Security Advisory

SQL injection vulnerability in BoonEx Dolphin 6.1

----------------------------------------------------------------------

---[ Vulnerable platform ]

BoonEx Dolphin 6.1

Link: http://www.boonex.com


---[ Severity level ]

Severity level: High
Impact Type: Multiple
Access Vector: Network exploitable


CVSS v2:
Base Score: 7.5
Temporal Score: 5.9
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:P/RL:O/RC:C)

CVE: not assigned

---[ Software description ]

Online dating software, open-source community platform, social networking script, niche social site engine.

---[ Vulnerability description ]

Positive Research Center has discovered an SQL injection vulnerability in Dolphin 6.1. Application incorrectly validates input data. That allows attackers to conduct SQL injection attack.

"SQL Injection" is a way to bypass network protection and attack the database. Settings transferred to the database through Web applications are specially crafted to modify executable SQL query, for example, an attacker could execute additional query with the first one by adding different symbols to a setting.
An attacker can access data which is normally unavailable or obtain system configuration data and use it for further attacks.


--[ How to fix ]

Positive Technologies experts recommend to filter user input data

--[ Advisory status ]
29.06.2011 - Vendor is notified
01.07.2011 - Vendor gets vulnerability details
23.08.2011 - Vulnerability details were sent to CERT
14.09.2011 - Public disclosure


---[ Credits]
The vulnerability was detected by Yuri Goltsev, Positive Research Center (Positive Technologies Company)

---[ References ]

http://en.securitylab.ru/lab/PT-2011-14

Reports on the vulnerabilities previously discovered by Positive Research:

http://www.ptsecurity.com/advisory1.aspx
http://en.securitylab.ru/lab/

---[ About Positive Technologies ]

Positive Technologies www.ptsecurity.com is among the key players in the IT security market in Russia.

The principal activities of the company include the development of integrated tools for information security monitoring (MaxPatrol); providing IT security consulting services and technical support; development of the Securitylab leading Russian information security portal.

Among the clients of Positive Technologies, there are more than 40 state enterprises, more than 50 banks and financial organizations, 20 telecommunication companies, more than 40 plant facilities, as well as IT, service and retail companies from Russia, the CIS countries, the Baltic States, China, Ecuador, Germany, Great Britain, Holland, Iran, Israel, Japan, Mexico, the Republic of South Africa, Thailand, Turkey, and the USA.

Positive Technologies is a team of highly skilled developers, advisers and experts with years of vast hands-on experience. The company specialists possess professional titles and certificates; they are the members of various international societies and are actively involved in the IT security field development.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close