Topic: Potential SQL Injection Vulnerability in versions 2.9-0.7 and before

There appear to be SQL Injection vulnerabilities in FreeRealty 2.9-0.7 and earlier. User input is not properly validated or sanitized, allowing a remote user to log in without a valid user name and password.
The effects appear to be mitigated by additional checks within the script that recheck the user data.
There are currently no known exploits and no sites have been compromised that I am aware of.
Fixes are in the works and users are highly encouraged to upgrade as soon as the patch is released.

Security Focus

Patrick
Lead developer FreeRealty
Other claims to fame: http://www.rwcinc.net
Enrolled Agent, Licensed to Represent Taxpayers before Exams, Appeals and Conference divisions of the Internal Revenue Service.

2 (edited by pat 2006-06-29 06:33:36)

Re: Potential SQL Injection Vulnerability in versions 2.9-0.7 and before

Updated code. Unpack this over the top of your current FR 2.9-0.7 install. This is only changed code.
http://freerealty.rwcinc.net/code/FR-2.9-0.7.1.tgz
Secunia has advised there was one more bug:
http://freerealty.rwcinc.net/code/FR-2.9-0.7.2.tgz should complete the required fixes.

Patrick
Lead developer FreeRealty