imei Addmimistrator’s BugBlog

imei’s security Advisories and researches

——————-Summary—————-
Software: Olate Download
Software’s Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: Medium
—————–Description—————
Olate Download is prone to SQL injection in the download.php file.
The bug comes from a misunderstanding of HTTP headers and of how PHP assigns values to its predefined global arrays. A quick look at approximately lines 118-127 shows that the programmers trusted the HTTP_REFERER and HTTP_USER_AGENT headers, unaware that both are sent by the client and that an attacker can set them to any value.
code:119,download.php
// HTTP_REFERER and HTTP_USER_AGENT are client-supplied and reach the query unescaped
$dbim->query('INSERT INTO '.DB_PREFIX.'stats
SET file_id = '.$_REQUEST['file'].',
timestamp = "'.time().'",
ip = "'.$_SERVER['REMOTE_ADDR'].'",
referrer = "xx'.$_SERVER['HTTP_REFERER'].'",
user_agent = "'.$_SERVER['HTTP_USER_AGENT'].'"');
————–Exploit———————-
headers:
Referer: 'sql
OR
User-Agent: 'sql
———–Solution———————
Update to 3.4.3
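For comparison with the query at line 119, here is the same statistics insert written with bound parameters. This is an added example, not Olate Download code and not the 3.4.3 patch. It assumes PDO with an in-memory SQLite database, an "olate_" prefix, a made-up stats table layout and a hypothetical record_download() helper, and it uses INSERT ... VALUES because SQLite does not accept MySQL's INSERT ... SET form.

```php
<?php
// Added example, not Olate Download code. Assumed: PDO + SQLite driver,
// an "olate_" prefix and this stats layout (hypothetical stand-ins).
const DB_PREFIX = 'olate_';

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ' . DB_PREFIX . 'stats (file_id INTEGER NOT NULL,
    timestamp INTEGER NOT NULL, ip TEXT, referrer TEXT, user_agent TEXT)');

// Record one download. Every request value is bound as a parameter, so it
// reaches the database as data and never becomes part of the SQL text.
function record_download(PDO $pdo, array $request, array $server): bool
{
    // file must be a positive integer; anything else is rejected outright.
    $fileId = filter_var($request['file'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($fileId === false) {
        return false;
    }
    // Both headers are optional and client-controlled: default and cap them.
    $referrer  = substr((string) ($server['HTTP_REFERER'] ?? ''), 0, 255);
    $userAgent = substr((string) ($server['HTTP_USER_AGENT'] ?? ''), 0, 255);

    $stmt = $pdo->prepare('INSERT INTO ' . DB_PREFIX . 'stats
        (file_id, timestamp, ip, referrer, user_agent)
        VALUES (:file_id, :ts, :ip, :referrer, :user_agent)');
    return $stmt->execute([
        ':file_id'    => $fileId,
        ':ts'         => time(),
        ':ip'         => $server['REMOTE_ADDR'] ?? '',
        ':referrer'   => $referrer,
        ':user_agent' => $userAgent,
    ]);
}

// Constructed sample request: quote characters in the headers stay literal.
$ok = record_download($pdo, ['file' => '7'], [
    'REMOTE_ADDR'     => '192.0.2.10',
    'HTTP_REFERER'    => 'http://example.test/?q="quoted"',
    'HTTP_USER_AGENT' => "Agent 'single' \"double\"",
]);
$row = $pdo->query('SELECT referrer, user_agent FROM ' . DB_PREFIX . 'stats')
    ->fetch(PDO::FETCH_ASSOC);
var_dump($ok, $row);
// A non-integer file value never reaches the database.
var_dump(record_download($pdo, ['file' => 'seven'], $_SERVER));
var_dump((int) $pdo->query('SELECT COUNT(*) FROM ' . DB_PREFIX . 'stats')->fetchColumn());
```

The stored referrer and user_agent values come back byte-for-byte as sent, which is a quick check that no header content was interpreted as SQL.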
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com

2 Responses to “Olate Download 3.4.2~download.php ~ sql injection”

    http://www.securityfocus.com/bid/25410

    This issue has been addressed in the new 3.4.3 release of Olate Download
