lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: pigrelax at yandex.ru (pigrelax) Subject: SQL injection in BroadBoard Instant ASP Message Board BroadBoard Instant ASP Message Board URL: http://www.broadboard.com/ 1. software does not properly validate user-supplied input in the 'keywords' parameter in search.asp: http://broadboard/forum/search.asp?archives=1&action=1&keywords=['SQL code]&method=1&method=1&body=1&subject=1&board=1&results=1 2. software does not properly validate user-supplied input in the 'handle' parameter in profile.asp: http://broadboard/forum/profile.asp?handle=['SQL code] 3. software does not properly validate user-supplied input in the 'txtUserHandle' parameter in reg2.asp: POST /forum/reg2.asp HTTP/1.1 Host: broadboard Content-Type: application/x-www-form-urlencoded Content-Length: 121 txtNameFirst=1&txtNameLast=1&txtUserEmail=sales@...patrol.com&txtUserHandle= ['SQL code]&txtUserPwd=1&txtUserCPwd=1&cmdRegister=1 4. software does not properly validate user-supplied input in the 'txtUserEmail' parameter in forgot.asp: POST /forum/forgot.asp HTTP/1.1 Host: broadboard Content-Type: application/x-www-form-urlencoded Content-Length: 24 txtUserEmail=['SQL code]&cmdSend=1 MaxPatrol is a professional network security scanner distinguished by its uncompromisingly high quality of scanning, optimized for effective use by companies of any size (serving from a few to tens of thousands of nodes). MaxPatrol developers were able quite simply to "ignore" about 40% of the newly published vulnerabilities because their product's intelligent algorithms had already detected them. http://www.Maxpatrol.com
Powered by blists - more mailing lists