WoDig Community Program movie_list.asp filters input laxly, resulting in a SQL injection vulnerability
Affected Versions:
WoDig 4.1.2
Program introduction:
WODIG is a new community that integrates multiple Web 2.0 elements such as website mining, social tag classification, topic comments, topic groups, and RSS subscriptions using Digg's democratic voting model.
Vulnerability Analysis:
In the file movie_list.asp:
Tags_name = Request("tags_name")    // line 20
......
<% Call Default.Get_movieContent("movie_list.asp") %>    // line 152
The Get_movieContent procedure is in the file wolib/cls_class.asp:
Public Sub Get_movieContent(pageurl)    // line 549
......
If tags_name <> "" then    // line 561
SQL = SQL & "and Src_ID in (Select SrcTag_SrcID From wo_SrcTags Where SrcTag_Name =" & tags_name & ")"
End if
The program does not filter the tags_name variable before concatenating it into the SQL statement, leading to the injection vulnerability.
Solution:
Vendor patch:
WoDig
------------
Currently, the vendor does not provide a patch or upgrade. We recommend that users of the software watch the vendor's homepage for the latest version:
Http://www.wodig.com/
Information Source:
<* Source: Bug. Center. Team http://www.cnbct.org
Link: http://wavdb.com/vuln/1446 *>
WoDig Community Program Members.asp page filters input laxly, leading to a SQL injection vulnerability
Affected Versions:
WoDig 4.1.2
Program introduction:
WODIG is a new community that integrates multiple Web 2.0 elements such as website mining, social tag classification, topic comments, topic groups, and RSS subscriptions using Digg's democratic voting model.
Vulnerability Analysis:
In the file Members.asp:
SearchType = HTMLEncode(Request("SearchType"))    // line 38
SearchText = HTMLEncode(Request("SearchText"))
SearchRole = HTMLEncode(Request("SearchRole"))
CurrentAccountStatus = HTMLEncode(Request("CurrentAccountStatus"))
JoinedDateComparer = Left(Request("JoinedDateComparer"), 1)
LastPostDateComparer = Left(Request("LastPostDateComparer"), 1)
JoinedDate_picker = HTMLEncode(Request("JoinedDate_picker"))
LastPostDate_picker = HTMLEncode(Request("LastPostDate_picker"))
If SearchType = "all" then SearchType = "UserEmail like %" & SearchText & "% or UserName"
If SearchText <> "" then item = item & "and (" & SearchType & "like %" & SearchText & "% )"
If JoinedDate_picker <> "" and JoinedDateComparer <> "" then item = item & "and DateDiff(" & SqlChar & "d" & SqlChar & "," & JoinedDate_picker & ", userRegisterTime) " & JoinedDateComparer & " 0"
If LastPostDate_picker <> "" and LastPostDateComparer <> "" then item = item & "and DateDiff(" & SqlChar & "d" & SqlChar & "," & LastPostDate_picker & ", userActivityTime) " & LastPostDateComparer & " 0"
If SearchRole <> "" then item = item & "and UserRoleID =" & SearchRole & ""
If CurrentAccountStatus <> "" then item = item & "and UserAccountStatus =" & CurrentAccountStatus & ""
Several variables that end up in numeric positions of the SQL statement (for example SearchRole in UserRoleID = and CurrentAccountStatus in UserAccountStatus =) are only passed through the character-filtering function HTMLEncode and then concatenated directly into the query; that function does not stop SQL injection in a numeric context, resulting in the injection vulnerability.
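As a hardened counterpart to the two concatenations above (the tags_name filter in Get_movieContent and the numeric filters in Members.asp), here is an added example that binds the values as ADODB.Command parameters instead of splicing them into the SQL text. It is not WoDig's code; Conn, wo_Src and wo_Users are assumed names.

```vbscript
<%
' Added example, not WoDig's code: parameterised replacements for the two
' concatenations shown in these advisories. Assumes an open ADODB.Connection
' passed in as Conn; table names wo_Src and wo_Users are placeholders.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202

' movie_list.asp: filter by tag without splicing tags_name into the SQL text.
Function Get_movieContent_Safe(Conn, tags_name)
    Dim cmd, sql
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    sql = "Select * From wo_Src Where 1=1 "   ' wo_Src is an assumed table name
    If tags_name <> "" Then
        ' The ? placeholder is filled in by the driver; the tag value is data only.
        sql = sql & "and Src_ID in (Select SrcTag_SrcID From wo_SrcTags Where SrcTag_Name = ?) "
        cmd.Parameters.Append cmd.CreateParameter("tag", adVarWChar, adParamInput, 255, tags_name)
    End If
    cmd.CommandText = sql
    Set Get_movieContent_Safe = cmd.Execute
End Function

' Members.asp: UserRoleID and UserAccountStatus are numeric columns, so each
' input is checked with IsNumeric and bound as adInteger. HTMLEncode stays out
' of the SQL path; it is an output encoder, not an SQL filter.
Function Members_Filter_Safe(Conn, SearchRole, CurrentAccountStatus)
    Dim cmd, sql
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    sql = "Select * From wo_Users Where 1=1 "   ' wo_Users is an assumed table name
    If SearchRole <> "" Then
        If Not IsNumeric(SearchRole) Then Err.Raise 5, , "SearchRole must be numeric"
        sql = sql & "and UserRoleID = ? "
        cmd.Parameters.Append cmd.CreateParameter("role", adInteger, adParamInput, , CLng(SearchRole))
    End If
    If CurrentAccountStatus <> "" Then
        If Not IsNumeric(CurrentAccountStatus) Then Err.Raise 5, , "CurrentAccountStatus must be numeric"
        sql = sql & "and UserAccountStatus = ? "
        cmd.Parameters.Append cmd.CreateParameter("status", adInteger, adParamInput, , CLng(CurrentAccountStatus))
    End If
    cmd.CommandText = sql
    Set Members_Filter_Safe = cmd.Execute
End Function
%>
```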
Solution:
Vendor patch:
WoDig
------------
Currently, the vendor does not provide a patch or upgrade. We recommend that users of the software watch the vendor's homepage for the latest version:
Http://www.wodig.com/
Information Source:
<* Source: Bug. Center. Team http://www.cnbct.org
Link: http://wavdb.com/vuln/1444 *>