iGiveTest 2.1.0 SQL Injection Vulnerability
There is an SQL Injection vulnerability in iGiveTest 2.1.0 which may allow an attacker to take control of the software.
Software Link: iGiveTest
Vulnerable Version: <= 2.1.0
# [2011-03-20] email@example.com and firstname.lastname@example.org
# [2011-03-22] Received vender confirmation.
# [2011-06-22] No patch available. Advisory released.
# SQL Injection # <= 2.1.0 # Unpatched
The vulnerability is due to failure in "/users.php" to correctly sanitize user-supplied data in the "userids" parameter.
A user with "guest" level privilages, or higher, can execute arbitrary SQL commands. An attacker without privilages could leverage an authorized user's session via a Cross-Site Request Forgery (CSRF) if the user browses a malicious page during an authorized session.
The following proof of concept is available :