egix@karmainsecurity ~ $

Sharetronix <= 3.1.1 (signup.php) Two SQL Injection Vulnerabilities

• Software Link:

http://sharetronix.com

• Affected Versions:

Version 3.1.1 and probably other versions.

• Vulnerabilities Description:

Input passed via the “fb_user_id” and “tw_user_id” parameters to /signup is not properly sanitised before being used in a SQL query in the /system/controllers/signup.php script. This can be exploited to conduct SQL injection and privilege escalation attacks.

• Solution:

No official solution is currently available.

• Disclosure Timeline:

[06/11/2013] – Vendor notified

[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”

[05/12/2013] – Public disclosure

• CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5354 to these vulnerabilities.

• Credits:

Vulnerabilities discovered by Egidio Romano, Secunia Research.

• Original Advisory:

http://secunia.com/secunia_research/2013-10