Tamlyn Software Forum
September 20, 2014, 04:00:23 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: New support ticket system launched! We've just implemented a new support system that will eventually replace this forum. If you have an issue, please raise a ticket.
http://tamlynsoftware.com/contact-us/support-tickets.html

 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: SQL Injection vulnerability in BF Survey Pro v1.2.5 or lower  (Read 6814 times)
tuum
Administrator
Hero Member
*****
Posts: 2615


WWW
« on: September 17, 2009, 02:30:29 AM »

Last night I became aware of a SQL Injection vulnerability in BF Survey Pro. I have developed a fix and released a new version to address this issue.
I strongly advise that you upgrade to BF Survey Pro v1.2.6 as soon as possible to protect your site.
http://www.nessus.org/plugins/index.php?view=single&id=40988

What is a SQL Injection?
Basically a hacker can potentially run SQL commands on your Joomla site, for example resetting the administrator password.

What is the vulnerability?
In the function updateOnePage() in the file /components/com_bfsurvey_pro/controller.php

The following line of code can be exploited by hackers
$table = JRequest::getVar( 'table', "", 'post', 'string' );

The fix is to replace this line of code with the following:
$catid = JRequest::getVar( 'catid', 0, '', 'int' );
global $mainframe;
$table=$mainframe->getCfg('dbprefix')."bfsurveypro_".$catid;



Products Effected:
BF Survey Pro v1.2.5 or lower  (fixed in version 1.2.6)
BF Survey Basic v1.0 (fixed in version 1.1)
BF Quiz v1.1.1 (fixed in version 1.2 or greater)
Please note: no update was sent for BF Quiz as the current version does not have this vulnerability.

I have emailed out updates to customers who have purchased these products. If you missed out, just send me an email with proof of purchase (date purchased, paypal email address used etc).

Free/trial versions have been updated. If you are currently using these product I recommend that you upgrade to the current version.

To date I am not aware of any sites that have been effected by this vulnerability, however I strongly advise you to update as soon as possible to protect yourself.

regards

Tim
Logged

Follow me on Twitter @bfsurvey
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines
SMFAds for Free Forums
Valid XHTML 1.0! Valid CSS!