Monday, October 29, 2007

Wordreference.com Vulnerable

Hi all,
Today I found two different kinds of vulnerability on www.wordreference.com.
As you know, WordReference is one of the most important free dictionaries on the net, and thanks to it I've learned a little English; for this reason I won't post real examples of how to exploit it, but I'll show just a proof of that.
The first vulnerability is a classic SQL injection, while the second one is a classic buffer overflow on an arithmetic operation.

First of all, enter a really common word such as "a". You'll find a lot of translations, and at the end of the page you'll find the "next 100" link, as the following image shows:






Click this link and look at the URL bar; you'll see something like this:






Try changing the "start" parameter to the value "-1", and here we go! You should see this:



But that's not all: if you also put in a long string in order to break into the pointer, like the following one:



You'll see another error, like the following one:



This is another bad example of input checking... Maybe a lot of problems could be resolved just by putting a proper input check inside the application.
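
The kind of input check described above, as an added example (not code from this post or from wordreference.com). It validates a `start` paging parameter before it reaches any arithmetic or SQL. The table and column names, the `MAX_START` limit and the in-memory SQLite database are assumptions made for illustration.

```python
import re
import sqlite3

PAGE_SIZE = 100          # the "next 100" link implies pages of 100 rows
MAX_START = 100_000      # assumed limit; keeps start + PAGE_SIZE far below 2**31
_DIGITS = re.compile(r"[0-9]{1,6}")  # ASCII digits only, length capped before int()

def parse_start(raw):
    """Return a validated offset, or raise ValueError for anything else."""
    if not isinstance(raw, str) or not _DIGITS.fullmatch(raw):
        raise ValueError("start must be 1-6 decimal digits")
    value = int(raw)
    if value > MAX_START:
        raise ValueError("start out of range")
    return value

def fetch_page(conn, word, raw_start):
    """Fetch one page of translations; every value is a bound parameter."""
    start = parse_start(raw_start)
    rows = conn.execute(
        "SELECT translation FROM translations WHERE word = ? "
        "ORDER BY id LIMIT ? OFFSET ?",
        (word, PAGE_SIZE, start),
    )
    return [r[0] for r in rows]

def handle_request(conn, word, raw_start):
    """Answer bad input with a generic 400 instead of a database error page."""
    try:
        return 200, fetch_page(conn, word, raw_start)
    except ValueError:
        return 400, []

def make_demo_db():
    """Constructed sample data: 250 placeholder translations of the word 'a'."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE translations (id INTEGER PRIMARY KEY, word TEXT, translation TEXT)"
    )
    conn.executemany(
        "INSERT INTO translations (word, translation) VALUES (?, ?)",
        [("a", f"t{i}") for i in range(250)],
    )
    return conn

if __name__ == "__main__":
    db = make_demo_db()
    for raw in ["100", "-1", "9" * 400, "12abc"]:  # constructed inputs
        status, rows = handle_request(db, "a", raw)
        print(repr(raw[:20]), status, len(rows))
```

The length cap in the regular expression rejects the long-string case before any conversion happens, and the range check rejects values that would overflow a fixed-width integer once the page size is added.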

1 comment:

kelly handbag said...

Good job. Thanks for sharing. Love your post.