Home page logo

fulldisclosure logo Full Disclosure mailing list archives

SQL injection in EveryDNS.net Service
From: "Calum Power" <enune () fribble net>
Date: Wed, 2 Feb 2005 16:42:21 +1100 (EST)

The following advisory is also mirrored at

--------------- 02/02/2005 ---------------
-- Fribble.net Security Announcement    --
Security Advisory: SQL injection and path disclosure in EveryDNS.net service

Discovered by: Calum Power [Enune]
Versions Affected: <= 24/01/2005
Unaffected versions: > 25/01/2005

Product Description:
EveryDNS.net is a free, online DNS service. From vendor website:
"We provide static DNS services as well as many advanced services such as
Dynamic DNS resolution, Secondary service,
AXFR service, and domain2web redirection."

* SQL Injection vulnerability may lead to viewing of secure information,
including access to private DNS accounts.
* Path disclosure provides privileged information to potentially malicious
users, which could be used in an attack.

The main EveryDNS website script, 'index.php' has a blue login form in the
bottom left corner of the page.
All data in this form is sanitized, except for the 'username' field. When
unexpected characters, such as single-quotation
marks are submitted using this field, a SQL error may occur, disclosing
the location of the EveryDNS.net scripts on their

Additionally, due to the unfiltered nature of this form field, a malicious
user may be able to manipulate the database
query into providing them with access and/or information they would not
otherwise be authorized to see.

Impact: Critical
This vulnerability could lead to the compromise of private DNS accounts,
including records and zone information.
If a malicious user was to gain access to a private account, he/she would
be able to 'hijack' the domain via the redirection
of the domain records to an internet server under their control.

This vulnerability was discovered by Calum Power [Enune] on the 24th day
of January 2005. The vendor was subsequently
notified and the hole fixed within 24-hours. Calum would like to thank
David Ulevitch for his prompt response to this
advisory, and commends the EveryDNS service on it's great service to the
internet community.

2005 Calum Power (Enune) - www.fribble.net
This advisory may be quoted, transmitted or copied in any way, providing
this original author credit is kept intact.
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • SQL injection in EveryDNS.net Service Calum Power (Feb 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]