Info

Disclosure

Jan 03, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

NKads contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Admin Login not properly sanitizing user-supplied input to the 'usuario_nkads_admin' and 'password_nkads_admin' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

NKStudios

NKAds

1.0 Alfa3

References

Secunia Advisory ID: 18302
CVE ID: 2006-0085 (see also: NVD)
Related OSVDB ID: 22207
VUPEN Advisory: ADV-2006-0040
Vendor URL: http://nkads.nkstudios.net
Other Advisory URL: http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt

Credit

SoulBlack - Security Research - groupsoulblack.com.ar - SoulBlack - Security Research

Direct URL: http://osvdb.org/22206