[Repost] Adobe ColdFusion Directory Traversal Vulnerability
Posted on: 2010-8-15 16:57 2346
Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability

Vendor: Athlete Web Services, Inc. / AWS Sports

Product Web Page: 855K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4@1K9r3I4W2N6r3g2%4k6h3u0K6k6i4u0$3K9h3y4W2M7#2)9J5k6h3y4G2L8g2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4x3U0k6F1j5Y4y4H3i4K6y4n7

Summary: Content Management System (PHP+MySQL).

Description: The CMS is vulnerable to an SQL Injection attack when input is
passed to the "news_id" parameter. The script fails to properly sanitize the
input before being returned to the user allowing the attacker to compromise
the entire DB system and view sensitive information.

=============================================================================

GET .../show_news.php?news_id=xx%27

1064 - You have an error in your SQL syntax. Check the manual that corresponds
to your MySQL server version for the right syntax to use near '\'' at line xx.

=============================================================================

Affected Version: 1.1 and 2.0

Tested On: Microsoft IIS 6.0
           MySQL 4.0.15-log
           PHP 4.3.3

Vulnerability Discovered By: Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
15cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4A6W2M7X3!0K6j5$3W2W2L8X3y4W2i4K6u0W2L8h3E0Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.

Vendor Status: [05.06.2010] Vulnerability discovered.
               [09.08.2010] Vendor contacted.
               [13.08.2010] No response from vendor.
               [14.08.2010] Public advisory released.

Zero Science Lab Advisory ID: ZSL-2010-4949

Advisory URL: 5f8K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4A6W2M7X3!0K6j5$3W2W2L8X3y4W2i4K6u0W2L8h3E0Q4x3V1k6W2L8W2)9J5c8Y4k6#2L8r3&6W2M7X3q4T1K9h3I4A6N6r3W2W2M7#2)9J5c8W2A6e0e0q4)9J5k6o6t1H3x3e0m8Q4x3X3b7@1z5e0b7&6i4K6u0W2M7r3S2H3i4K6t1$3L8X3u0K6M7q4)9K6b7W2)9J5y4X3&6T1M7%4m8Q4x3@1t1`.

Vector:
-----------------------------------------------------------------------------

Dork: "Designed and powered by AWS Sports"

Query: b9bK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4k6#2L8r3&6H3j5h3N6W2i4K6u0W2N6r3I4V1i4K6u0r3M7$3S2G2N6#2)9#2k6X3&6W2N6%4y4Q4x3X3g2H3K9s2m8Q4x3@1k6F1k6i4N6K6i4K6g2X3K9h3c8Q4x3@1c8^5P5q4)9J5b7X3q4F1k6q4)9J5b7U0q4Q4x3@1b7H3i4K6u0n7i4K6t1#2x3U0m8#2L8X3W2G2L8W2)9J5y4e0t1H3M7$3g2D9k6h3y4@1i4K6t1#2x3U0m8V1j5i4c8S2j5X3q4K6k6g2)9J5y4e0t1^5i4K6t1#2x3U0W2Q4x3V1x3J5i4K6u0o6x3#2)9J5b7K6c8Q4x3V1x3#2i4K6u0o6y4W2)9J5b7K6N6Q4x3X3g2Q4x3X3g2Q4y4f1u0F1i4K6g2p5i4K6t1$3L8X3u0K6M7q4)9K6b7W2)9J5y4X3&6T1M7%4m8Q4x3@1t1`.

Admin: 80cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4k6#2L8s2m8S2k6$3g2Q4x3X3g2@1L8r3c8Q4x3V1k6S2k6r3#2A6L8W2)9J5c8X3W2F1k6r3g2^5i4K6u0W2M7r3S2H3i4K6t1$3L8X3u0K6M7q4)9K6b7W2)9J5y4X3&6T1M7%4m8Q4x3@1t1`.

-----------------------------------------------------------------------------
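The defect the advisory describes, as an added example that is not part of the advisory or of the AWS Sports product: the raw `news_id` value is concatenated into the SQL statement, so a stray quote (the `xx%27` probe above) is handed to the database parser and produces a syntax error, which is what the 1064 message signals. The hardened variant type-checks `news_id` as an integer key and binds it as a parameter. An in-memory SQLite table stands in for the MySQL backend, and the table name, columns and rows are constructed for the example.

```python
"""Added example: string-built SQL (reproduces the advisory's syntax error)
beside a parameterised, type-checked lookup. SQLite stands in for MySQL;
the news table and its rows are constructed sample data."""
import sqlite3
from urllib.parse import parse_qs

# Constructed schema/data standing in for the CMS news table (assumption).
SCHEMA = """
CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
INSERT INTO news VALUES (1, 'Season opener', 'public article');
INSERT INTO news VALUES (2, 'Draft results', 'public article');
"""


def open_db():
    """Fresh in-memory database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def news_id_from_query(query_string):
    """Pull news_id out of a raw query string, URL-decoding it the way the
    web server does (so xx%27 arrives in the script as xx')."""
    return parse_qs(query_string).get("news_id", [""])[0]


def fetch_news_unsafe(conn, news_id):
    """Vulnerable pattern: the request value is pasted into the statement,
    so a quote in the input alters the SQL instead of being data."""
    sql = "SELECT title FROM news WHERE id = " + news_id
    return conn.execute(sql).fetchall()


def fetch_news_safe(conn, news_id):
    """Hardened pattern: reject anything that is not an integer id, then
    bind the value as a parameter so the parser never sees attacker text."""
    if not news_id.isdigit():
        raise ValueError("news_id must be a positive integer")
    sql = "SELECT title FROM news WHERE id = ?"
    return conn.execute(sql, (int(news_id),)).fetchall()


def classify_probe(handler, raw_value):
    """Run a handler on a decoded news_id value and report the outcome:
    'rows' (query ran), 'rejected' (input validation stopped it) or
    'sql_error' (the backend tried to parse the input, the 1064 case)."""
    conn = open_db()
    try:
        return "rows", handler(conn, raw_value)
    except ValueError:
        return "rejected", []
    except sqlite3.OperationalError:
        return "sql_error", []
    finally:
        conn.close()


if __name__ == "__main__":
    probe = news_id_from_query("news_id=xx%27")
    for name, handler in (("unsafe", fetch_news_unsafe), ("safe", fetch_news_safe)):
        print(name, "news_id=1  ->", classify_probe(handler, "1"))
        print(name, "news_id=xx'->", classify_probe(handler, probe))
```

The point of `classify_probe` for a defender is the middle outcome: a validated, parameterised handler turns the probe into a rejected request with no database round-trip, whereas the concatenating handler surfaces a backend parse error, which is the signal the advisory's `GET` line relies on.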
