Description
The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.
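The class of bug described above, as an added PHP example that is not smbind's code. The character-class pattern, the function names, the sample inputs and the `users` table are constructed for illustration, and the final part assumes the pdo_sqlite extension is available.

```php
<?php
// Added illustration: the pattern and function names are hypothetical,
// not taken from smbind's php/src/include.php.

// Unanchored: preg_match() succeeds if ANY substring matches, so a single
// permitted character anywhere in the input is enough to pass the filter.
function filter_unanchored(string $s): bool {
    return preg_match('/[A-Za-z0-9_]+/', $s) === 1;
}

// ^...$ rejects embedded quotes, but in PCRE "$" also matches just
// before a trailing newline, so "admin\n" is still accepted.
function filter_dollar(string $s): bool {
    return preg_match('/^[A-Za-z0-9_]+$/', $s) === 1;
}

// \A...\z anchors to the absolute start and end of the subject.
function filter_anchored(string $s): bool {
    return preg_match('/\A[A-Za-z0-9_]+\z/', $s) === 1;
}

// Constructed sample inputs: a plain name, a value containing a quote,
// a value with a trailing newline, and the empty string.
$samples = ['admin', "alice'--test", "admin\n", ''];

foreach ($samples as $s) {
    printf("%-16s unanchored=%d dollar=%d anchored=%d\n",
        json_encode($s),
        filter_unanchored($s), filter_dollar($s), filter_anchored($s));
}

// Input validation is a second line of defence. Binding the value as a
// parameter keeps it out of the SQL text whatever the filter decides.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, admin INTEGER)");
$db->exec("INSERT INTO users VALUES ('admin', 1)");

$stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
foreach ($samples as $s) {
    $stmt->execute([$s]);
    printf("%-16s rows=%d\n", json_encode($s), $stmt->fetchColumn());
}
```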
Affected products
- blentz / smbind 0.4.7
- blentz / smbind 0.2 – 0.2
- blentz / smbind 0.2.1 – 0.2.1
- blentz / smbind 0.3.1 – 0.3.1
- blentz / smbind 0.4 – 0.4
- blentz / smbind 0.4.1 – 0.4.1
- blentz / smbind 0.4.2 – 0.4.2
- blentz / smbind 0.4.3 – 0.4.3
- blentz / smbind 0.4.4 – 0.4.4
- blentz / smbind 0.4.5 – 0.4.5
- blentz / smbind 0.4.6 – 0.4.6
References
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2010/09/05/5
- MISC: http://sourceforge.net/projects/smbind/files/smbind/0.4.8/smbind-0.4.8.tar.bz2/download
- VENDOR_ADVISORY: http://www.debian.org/security/2010/dsa-2103
- EXPLOIT: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2010/09/07/10