Title: PurePostPro Arbitrary SQL Command Injection Vulnerability
Severity: MODERATE
Description:
PurePostPro is a freely available, open-source script add-on to the ProFTPD FTP server. It was written and is maintained by Peter Garner.
A flaw in the script could allow a remote user to inject or modify arbitrary SQL commands on a vulnerable server. The problem lies in the handling of uploaded file names.
When a file is uploaded to a PureFTPD server running PurePostPro, the script inserts a record into an SQL database containing the file name, the name of the uploading user, and an MD5 sum of the file.
Because the file name is placed into that query as-is, a user uploading a file may inject or modify arbitrary SQL commands through a malicious file name. A name containing quote characters breaks out of the string literal in the current SQL query, allowing the user to change the logic of the query.
This problem makes it possible for a remote user to alter existing queries or execute arbitrary queries on a vulnerable system, and could also enable the exploitation of other vulnerabilities, such as buffer overflows in database software such as MySQL. This could lead to compromise of database resources and potentially to local compromise of the system.
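To make the flaw concrete, the following added example (not PurePostPro's own code; the table layout, column names and function names are assumptions, and sqlite3 stands in for the real database) shows the string-built INSERT the advisory describes beside a parameterized version that stores any file name verbatim:

```python
import hashlib
import sqlite3

# Constructed stand-in for the upload log table the advisory describes
# (file name, uploading user, MD5 sum); column names are assumptions.
SCHEMA = "CREATE TABLE uploads (filename TEXT, username TEXT, md5 TEXT)"


def new_db():
    """Create an in-memory database holding the upload log table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def log_upload_vulnerable(conn, filename, username, data):
    """Build the INSERT by pasting the file name into the SQL text.

    This mirrors the flaw in the advisory: a quote in the file name ends the
    string literal early, so the rest of the name is parsed as SQL.
    """
    md5 = hashlib.md5(data).hexdigest()
    sql = "INSERT INTO uploads VALUES ('%s', '%s', '%s')" % (filename, username, md5)
    conn.execute(sql)


def log_upload_fixed(conn, filename, username, data):
    """Insert the record with bound parameters: the file name travels as data,
    so quotes are stored literally and cannot change the query's structure."""
    md5 = hashlib.md5(data).hexdigest()
    conn.execute("INSERT INTO uploads VALUES (?, ?, ?)", (filename, username, md5))


def rows(conn):
    """Return every logged upload as (filename, username, md5) tuples."""
    return conn.execute("SELECT filename, username, md5 FROM uploads").fetchall()


if __name__ == "__main__":
    # An apostrophe in an ordinary file name is enough to break the vulnerable query.
    try:
        log_upload_vulnerable(new_db(), "it's here.txt", "alice", b"hello")
    except sqlite3.OperationalError as exc:
        print("vulnerable insert failed:", exc)
    # A crafted name rewrites the stored user and checksum; the fixed insert stores it verbatim.
    crafted = "report.txt', 'nobody', 'deadbeef') --"
    for insert in (log_upload_vulnerable, log_upload_fixed):
        db = new_db()
        insert(db, crafted, "alice", b"hello")
        print(insert.__name__, rows(db))
```

Auditing the upload script for the first pattern (a file name concatenated into query text) and replacing it with the second is the fix; logging and alerting on file names containing quote characters gives a cheap detection signal in the meantime.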
Affected Products:
- PurePostPro PurePostPro 1.0.0
- PurePostPro PurePostPro 1.1.0
- PurePostPro PurePostPro 1.2.0
References:
- PurePostPro: PurePostPro Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.