store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Wed Jun 19, 2013 8:38 pm

View unanswered posts | View active topics


Board index » Customer Support Forums » Atomic Secured Linux Support

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 3 posts ] 
  Print view Previous topic | First unread post | Next topic 
Author Message
exi1ed0ne
 Post subject: Plesk "PLESKSESSID" SQL Injection Vulnerability
Unread postPosted: Thu Sep 13, 2007 5:30 pm 
Offline
Forum Regular
Forum Regular

Joined: Sun Nov 20, 2005 4:16 pm
Posts: 183
Location: Right Behind You!
Just had this hit my email, and thought I'd share:


TITLE:
Plesk "PLESKSESSID" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA26741

VERIFY ADVISORY:
http://secunia.com/advisories/26741/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
Plesk 7.x
http://secunia.com/product/3833/
Plesk 8.x
http://secunia.com/product/12876/

DESCRIPTION:
A vulnerability has been reported in Plesk, which can be exploited by
malicious people to conduct SQL injection attacks.

Input passed to the "PLESKSESSID" cookie is not properly sanitised in
auth.php3 before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in Plesk for Windows versions 7.6.1,
8.1.0, 8.1.1, and 8.2.0.

SOLUTION:
Apply the vendor patch.
http://kb.swsoft.com/en/2159

PROVIDED AND/OR DISCOVERED BY:
Nick I Merritt, HackerSafe Labs

ORIGINAL ADVISORY:
http://kb.swsoft.com/en/2159

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Last edited by exi1ed0ne on Thu Sep 13, 2007 5:44 pm, edited 1 time in total.

Top
 Profile  
 
exi1ed0ne
 Post subject:
Unread postPosted: Thu Sep 13, 2007 5:44 pm 
Offline
Forum Regular
Forum Regular

Joined: Sun Nov 20, 2005 4:16 pm
Posts: 183
Location: Right Behind You!
Link to linux flavored fix:

http://kb.swsoft.com/en/2169
Top
 Profile  
 
breun
 Post subject:
Unread postPosted: Thu Oct 11, 2007 7:27 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
Plesk 8.2.1 also fixes this.

_________________
Lemonbit Internet Dedicated Server Management

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 3 posts ] 

Board index » Customer Support Forums » Atomic Secured Linux Support

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: Bing [Bot] and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group