F-Secure
Tools
Harlandscripts Pro Traffic One "trg" SQL Injection Vulnerability
| Report ID: | SA32467 |
| Source: | Secunia |
| Date of Discovery: | 30.10.2008 |
| Criticality: | Moderate |
| Affects: | Harlandscripts Pro Traffic One |
| Compromise From: | From remote |
| Compromise Type: | Manipulation of data Exposure of sensitive information |
Summary
A vulnerability in Harlandscripts Pro Traffic One, which can be exploited by malicious people to conduct SQL injection attacks.
Detailed Description
A vulnerability in Harlandscripts Pro Traffic One, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "trg" parameter in mypage.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Input passed to the "trg" parameter in mypage.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution
Edit the source code to ensure that input is properly sanitised.