what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

churchinfo.txt

churchinfo.txt
Posted Aug 5, 2005
Authored by tgo

ChurchInfo is susceptible to multiple path disclosure and SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 73a6668e42877f21013a42244916fca67cffcafb36e829d4c99e49634370bab7

churchinfo.txt

Change Mirror Download
----------------------------------
ChurchInfo Multiple Vulnerabilities
----------------------------------

ChurchInfo is affected by mutliple path disclosures and sql injections.

Vulnerabilties
--------------

1) The "PersonID" parameter on the following pages are vulnerable to sql injection and path disclosure.

PersonView.php
MemberRoleChange.php
PropertyAssign.php
WhyCameEditor.php
GroupPropsEditor.php
Reports/PDFLabel.php
UserDelete.php - First page gives path disclosure, then when you click yes you have sql injection

2) When an invalid "Number" parameter only the following pages is given a divide by zero error is produced resulting in path disclosure.

SelectList.php
SelectDelete.php

3) The "DepositSlipID" parameter on the following page is vulnerable to sql injection and path disclosure.

DepositSlipEditor.php

3) The "QueryID" parameter on the following page is vulnerable to sql injection and path disclosure.

QueryView.php

Also specific ids are vulnerable to sql injection.

QueryID?id=18 The search box is vulnerable to sql injection.
QueryID?id=19 An sql injection can be performed by editing the html source of the form.

There is about 5 more forms in this section where you can potenially edit the form, and inject but I did not test each one so I did not list them.

4) The "GroupID" parameter on the following pages are vulnerable to sql injection and path disclosure.

GroupView.php
GroupMemberList.php
MemberRoleChange.php
GroupDelete.php
/Reports/ClassAttendance.php
/Reports/GroupReport.php

5) The "GroupID" parameter on the following pages produces path disclosure when invalid input is given.

GroupPropsFormRowOps.php
/Reports/ClassAttendance.php
/Reports/ClassList.php
ConfirmLabels.php
/DirectoryReport.php
/Reports/NewsLetterLabels.php

6) The "PropertyID" parameter on the following page is vulnerable to sql injection and path disclosure.

PropertyEditor.php

7) The "FamilyID" parameter on the following pages are vulnerable to sql injection and path disclosure.

Canvas05Editor.php
CanvasEditor.php
FamilyView.php

8) The "PledgeID" parameter on the following pages are vulnerable to sql injection and path disclosure.

PledgeDetails.php

Misc
Many of the pages produced extract() errors when bogus input was fed leading to path disclosure.
A few pages also produced path disclosures when directly accessed. Also some pages when directly accessed gave an sql error about an empty parameter, but were not exploitable when the parameter was given. Since this is an open source product you can simply view the queries from the source, but if it was closed source this could help to determine table structure and queries.

Solution
--------
Properly cleansing user input before processing would eliminate all these errors.

Credit
------
thegreatone2176

Greets
------
Elohimus and pureone
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close