Posted by serverplan (Administrator), 16-12-2004, 18.37.40
SQL-injection in Ikonboard 3.1.x

I. DESCRIPTION

Input passed to the "st" and "keywords" parameters in "ikonboard.cgi" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


1) SQL injection in "st" parameter

Example:
http://host/support/ikonboard.cgi?act=ST&f=27&t=13066&hl=nickname&st=1'

Result:
Ikonboard CGI Error
-----------------------------------------------------------------------
Ikonboard has exited with the following error:

Can't query the data from 'forum_posts' Reason: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '', 20'

This error was reported at: line 1 Query: SELECT * FROM iB313_forum_posts WHERE TOPIC_ID = '13066' AND QUEUED <> '1' ORDER BY POST_DATE ASC LIMIT 1', 20

Please note that your 'real' paths have been removed to protect your information.
-----------------------------------------------------------------------


2) SQL injection in "keywords" parameter

Example:
http://host/support/ikonboard.cgi?act=Search&CODE=01&keywords='&type=name&forums=all&search_in=all&prune=0

Result:
Ikonboard CGI Error
-----------------------------------------------------------------------
Ikonboard has exited with the following error:

mySQL error
Can't query the data: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY DATE DESC LIMIT 0,200'

This error was reported at: line 1

Please note that your 'real' paths have been removed to protect your information.
-----------------------------------------------------------------------


This vulnerability was found automatically by the full-featured commercial version of MaxPatrol.


II. IMPACT

A remote user may be able to execute arbitrary SQL commands on the underlying database.

III. SOLUTION

Not available currently.


IV. VENDOR FIX/RESPONSE

Notified.


V. CREDIT

This vulnerability was discovered by Positive Technologies using MaxPatrol
(http://www.maxpatrol.com) - intellectual professional security scanner.
It is able to detect a substantial number of vulnerabilities not published
yet. MaxPatrol's intelligent algorithms are also capable of detecting a lot of
vulnerabilities in custom web-scripts (XSS, SQL and code injections, HTTP
Response splitting).
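
Added example, not part of the advisory and not Ikonboard's own code: the query shape from the "st" error output built by string concatenation, next to a version that validates the offset and binds all values, plus a bound form of a keyword search. Python's sqlite3 stands in for Ikonboard's Perl/MySQL stack; the table layout, function names, sample rows and the search query are constructed assumptions.

```python
import sqlite3

PAGE_SIZE = 20  # page length seen in the advisory's "LIMIT 1', 20"

def make_db():
    # Constructed stand-in for the forum_posts table named in the error output.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE forum_posts (POST_ID INTEGER PRIMARY KEY, "
               "TOPIC_ID TEXT, QUEUED TEXT, POST_DATE INTEGER, BODY TEXT)")
    db.executemany(
        "INSERT INTO forum_posts (TOPIC_ID, QUEUED, POST_DATE, BODY) VALUES (?, ?, ?, ?)",
        [("13066", "0", i, f"post {i}") for i in range(5)])
    return db

def posts_vulnerable(db, topic_id, st):
    # Same shape as the failing query: request values are pasted into the SQL text.
    sql = ("SELECT * FROM forum_posts WHERE TOPIC_ID = '%s' AND QUEUED <> '1' "
           "ORDER BY POST_DATE ASC LIMIT %s, %d" % (topic_id, st, PAGE_SIZE))
    return db.execute(sql).fetchall()

def parse_offset(st, maximum=1_000_000):
    # A paging offset is a bounded, non-negative ASCII integer; reject the rest.
    if not (isinstance(st, str) and st.isascii() and st.isdigit()):
        raise ValueError("st must be a non-negative integer")
    value = int(st)
    if value > maximum:
        raise ValueError("st out of range")
    return value

def posts_hardened(db, topic_id, st):
    # Validate first, then bind every value; the SQL text is a constant.
    sql = ("SELECT * FROM forum_posts WHERE TOPIC_ID = ? AND QUEUED <> '1' "
           "ORDER BY POST_DATE ASC LIMIT ?, ?")
    return db.execute(sql, (topic_id, parse_offset(st), PAGE_SIZE)).fetchall()

def search_hardened(db, keywords):
    # Hypothetical search query: keywords are bound, and LIKE wildcards in the
    # user's text are escaped so they match literally.
    esc = keywords.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT POST_ID FROM forum_posts WHERE (BODY LIKE ? ESCAPE '\\') "
           "ORDER BY POST_DATE DESC LIMIT 0, 200")
    return db.execute(sql, ("%" + esc + "%",)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(len(posts_hardened(db, "13066", "1")), search_hardened(db, "'"))
```

With the hardened functions the quote character from the advisory's two requests is either rejected before any SQL runs ("st") or treated as ordinary search text ("keywords"), so no database error text reaches the client.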