
dreamweaverSQL.txt
Posted May 21, 2006
Authored by Brian Gallagher

There are multiple SQL Injection vulnerabilities in the code generated by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP server models. If the database server is configured to allow local system commands to be executed via database calls, this vulnerability may also allow local code execution.

tags | advisory, local, php, vulnerability, code execution, sql injection, asp
advisories | CVE-2006-2042
SHA-256 | 6c80933df047c88e4e1b3386dca76b098173d9418dac98e2aa8eaa1b4e1b429a

Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code

INFORMATION:
-------------------------
Class: SQL Injection
CVE: CVE-2006-2042
Remote: Yes
Local: Yes
Published: May 09, 2006
Credit: Brian Gallagher <brian@diamondsea.com>
Vulnerable:
Dreamweaver Ultradev
Dreamweaver MX
Dreamweaver MX 2004
Dreamweaver 8 (fixed in version 8.0.2)

DISCUSSION
-------------------------

There are multiple SQL Injection vulnerabilities in the code generated
by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This
vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP
server models. If the database server is configured to allow local
system commands to be executed via database calls, this vulnerability
may also allow local code execution.

Dreamweaver offers powerful rapid-application design (RAD) tools for
quickly and easily creating Internet and Intranet applications for a
variety of server models (databases and languages). The code
generated automatically by these functions does not properly validate
input and is vulnerable to SQL Injection attacks from remote users.

Macromedia (now Adobe) was notified of the problem in October 2005.
They have been working cooperatively to remedy this problem, including
examining and updating all their server models. If all vendors were
this cooperative and responsive, the digital world would be a safer
and better place.

Adobe today released the updated version of Dreamweaver 8.0.2 (free
download) along with instructions on how to work around the problem in
code developed in earlier versions of Dreamweaver.

The Adobe announcement can be found here:

http://www.adobe.com/support/security/bulletins/apsb06-07.html


EXPLOIT
-------------------------

This vulnerability can be exploited by standard SQL injection techniques.

The documentation supplied by Adobe in their release details where the
vulnerabilities exist and how to correct them.

If a web server's database allows access to system commands through
SQL queries, local command execution is possible.

SOLUTION
-------------------------

Dreamweaver 8: Install the free updater to version 8.0.2 and recreate
your server components to use the new more secure code.
Dreamweaver MX 2004: Follow the directions for your server model on
how to secure your existing code.
Dreamweaver MX, Ultradev: Read the directions for the MX 2004 fixes
and adapt these to your code.
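To make the defect and its remedy concrete, here is an added example (not Adobe's generated code and not the fixes from the knowledge-base articles referenced below). It models a generated "recordset filtered by a request parameter" server behavior: the vulnerable form splices the parameter into the SQL string, the hardened form binds it as a parameter. Python's sqlite3 module stands in for the PHP/MySQL server model purely as an assumption; the table contents are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a Dreamweaver data source."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [(1, "widget"), (2, "gadget"), (3, "gizmo")],
    )
    return conn


def lookup_unsafe(conn, name):
    """The pattern the advisory describes: the request parameter is
    concatenated straight into the SQL text, so a quote character in the
    parameter changes the structure of the query rather than its data."""
    sql = "SELECT id, name FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened form: the parameter is bound by the driver and can only
    ever be compared as a value, whatever characters it contains."""
    sql = "SELECT id, name FROM products WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both variants on the same input and return (unsafe, safe) rows."""
    conn = make_db()
    return lookup_unsafe(conn, name), lookup_safe(conn, name)


if __name__ == "__main__":
    # Ordinary input behaves identically in both variants.
    print(compare("widget"))
    # Constructed tautology input: the unsafe variant returns every row,
    # the bound-parameter variant returns none because no product has
    # that literal name.
    print(compare("' OR '1'='1"))
```

The same split applies to the other server models the advisory lists: the remedy in each case is to stop building SQL text from request data, whether by binding parameters or, where the platform offers nothing better, by escaping and type-coercing every value before it reaches the query.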

REFERENCES
-------------------------

Macromedia Security Bulletin: Dreamweaver Server Behavior SQL
Injection vulnerability
http://www.adobe.com/support/security/bulletins/apsb06-07.html

Dreamweaver Support Center: Updaters
http://www.adobe.com/support/dreamweaver/downloads_updaters.html

Protecting ColdFusion server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=300b670e

Protecting PHP server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=30037473

Protecting ASP VBScript server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=57ae79b2

Protecting ASP JavaScript server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=581a553c

Protecting JSP server behaviors from SQL injection vulnerability
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=585ac720

--
Brian Gallagher - DiamondSea.com - brian@diamondsea.com
We Make E-Commerce Easy - No Technical Experience Required
Consulting - E-Commerce - Web Site Design - Custom Programming
http://www.DiamondSea.com - Toll-Free: 800-604-1476 - Fax: 888-411-8144
