iGiveTest 2.1.0 SQL Injection Vulnerability

There is an SQL Injection vulnerability in iGiveTest 2.1.0 which may allow an attacker to take control of the software.

Software

Software Link: iGiveTest

Vulnerable Version: <= 2.1.0

Vendor Notification:

# [2011-03-20] software@sight2k.com and support@sight2k.com

# [2011-03-22] Received vendor confirmation.

# [2011-06-22] No patch available. Advisory released.

Vulnerabilities

# SQL Injection # <= 2.1.0 # Unpatched

The vulnerability is due to a failure in "/users.php" to correctly sanitize user-supplied data in the "userids" parameter.

A user with "guest" level privileges, or higher, can execute arbitrary SQL commands. An attacker without privileges could leverage an authorized user's session via Cross-Site Request Forgery (CSRF) if that user browses a malicious page while logged in.
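As an added illustration (not iGiveTest's own code, and not the proof of concept referenced below), the following hypothetical PHP handler shows the unsafe pattern the advisory describes for a comma-separated "userids" parameter next to a hardened version that validates each element and binds it through PDO placeholders. The table name, columns and sample rows are assumptions; an in-memory SQLite database is used so it runs stand-alone.

```php
<?php
// Added example, not iGiveTest code: a hypothetical handler for a
// comma-separated "userids" parameter, in vulnerable and hardened forms.
// Constructed in-memory SQLite schema and rows so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users VALUES (1,'alice','admin'),(2,'bob','guest'),(3,'carol','guest')");

// Vulnerable: the raw parameter is spliced into the IN (...) list, so anything
// the client puts in "userids" is parsed as part of the SQL statement.
function fetchUsersUnsafe(PDO $db, string $userids): array {
    $sql = "SELECT id, name FROM users WHERE id IN ($userids)";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: every element must be a non-empty string of digits, and each one
// is bound to its own placeholder so the values can never be read as SQL.
function fetchUsersSafe(PDO $db, string $userids): array {
    $ids = array_map('trim', explode(',', $userids));
    foreach ($ids as $id) {
        if ($id === '' || !ctype_digit($id)) {
            throw new InvalidArgumentException('userids must be a comma-separated list of integers');
        }
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id IN ($placeholders)");
    $stmt->execute(array_map('intval', $ids));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Well-formed input runs the parameterized query as intended.
print_r(fetchUsersSafe($db, '2, 3'));

// Input that is not a plain integer list is rejected before any query is built,
// which is the point at which the vulnerable function would instead execute it.
try {
    fetchUsersSafe($db, '2) OR 1=1 --');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

Logging the rejection (with the session's user id and the offending value) also gives a straightforward detection signal for attempts against this parameter.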

The following proof of concept is available:

Reference

# OWASP: Cross-Site Request Forgery (CSRF)

# OWASP: SQL Injection

Appendix

[TXT] iGiveTest v2.1.0 SQL Injection Vulnerability