###################################
Patch for Yogurt writemessage.php
original Parameter SQL Injection
vendor url:http://sourceforge.net/tracker/?group_id=112452
####################################
This is a manual fix for the last discovered sql
injection vulnerability in yogurt social network
#########################
vulnerability references:
#########################
http://osvdb.org/show/osvdb/55098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2034
http://www.milw0rm.com/exploits/8932
####################
SQL injection PoC
####################
http://localhost/yogurt/system/writemessage.php?original=
-1+union+select+1,concat_ws(0x3a,username,password),3,4,5,
6,7,8+from+users--
###############
Specific vendor
###############
http://sourceforge.net/tracker/?func=detail&aid=
2813318&group_id=112452&atid=663715
###########
MANUAL FIX
###########
open writemessage.php and look this code =>
Line 79: if (isset($_GET['original']))
Line 81: $rs = mysql_query("SELECT * FROM messages WHERE id=" .
$_GET['original'], $db)
###############
change
################
Line 81: $rs = mysql_query("SELECT * FROM messages WHERE id=" .
intval($_GET['original']), $db)
####################€nd ########################
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....