Potential SQL Injection Vulnerability in versions 2.9-0.7 and before (Page 1) - Bugs

Check the Bugs thread for important notice regarding authentication bypass

June 26, 2010: I blew away a number of accounts - if you are a legitimate user and your account is gone, my bad. Recreate it.
I have unlocked the registrations page - seems that there was heavy bot registrations for a while. If you have an account that "disappears" it's because you never verified your account or linked to unrelated web sites in your profile. "Unrelated web sites" is a subjective term and I am the final arbiter on such matters
Due abuse by spambots you will be required to create an account before posting. If you are unable to create an account for any reason simply send mail to our email list
June 24, 2010 Release candidate 3.0-0.rc10 is available for testing demo
Make sure to grab a copy and check out the demo

Potential SQL Injection Vulnerability in versions 2.9-0.7 and before

Pages 1

You must login or register to post a reply

1 Topic by pat 2006-06-28 17:02:52

pat
Administrator
Offline

Registered: 2004-04-21
Posts: 344

Topic: Potential SQL Injection Vulnerability in versions 2.9-0.7 and before

There appear to be SQL Injection vulnerabilities in FreeRealty 2.9-0.7 and earlier. User input is not properly validated or sanitized allowing a remote user to login without a valid user name and password.
The effects appear to be mitigated by additional checks within the script that recheck the user data.
There are currently no known exploits and no sites have been compromised that I am aware of.
Fixes are in the works and users are highly encouraged to upgrade as soon as the patch is released.

Security Focus

Patrick
Lead developer FreeRealty
Other claims to fame: http://www.rwcinc.net
Enrolled Agent, Licensed to Represent Taxpayers before Exams, Appeals and Conference divisions of the Internal Revenue Service.

2 Reply by pat 2006-06-28 22:10:23

pat
Administrator
Offline

Registered: 2004-04-21
Posts: 344

Re: Potential SQL Injection Vulnerability in versions 2.9-0.7 and before

Updated code. Unpack this over the top of your current FR 2.9-0.7 install. This is only changed code.
http://freerealty.rwcinc.net/code/FR-2.9-0.7.1.tgz
Secunia has advised there was one more bug :
http://freerealty.rwcinc.net/code/FR-2.9-0.7.2.tgz should complete the required fixes

Last edited by pat (2006-06-29 06:33:36)

Posts [ 2 ]

Pages 1

You must login or register to post a reply