VBZooM Forum Input Validation Bug in 'show.php' May Let Remote Users Inject SQL Commands
SecurityTracker Alert ID: 1014585
SecurityTracker URL: http://securitytracker.com/id?1014585
CVE Reference: CVE-2005-4729
Updated: Jul 6 2008
Original Entry Date: Jul 27 2005
Impact: Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Description: Abducter reported an input validation vulnerability in VBZooM Forum. A remote user can inject SQL commands.
The 'show.php' script does not properly validate user-supplied input in the 'SubjectID' parameter. A remote user can supply a specially
crafted parameter value to execute SQL commands on the underlying database.
A demonstration exploit URL is provided:
http://[target]/vbzoomforum/show.php?UserID=1&MainID=10&SubjectID=[sql]
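The fix the advisory has no vendor solution for, as an added example (not VBZooM's own code): the three query parameters named above are validated as integers and bound in a prepared statement instead of being concatenated into the query. The table and column names and the mysqli connection details are assumptions.

```php
<?php
// Added example, not VBZooM's show.php: a hardened handler for the
// UserID/MainID/SubjectID parameters named in the advisory. The table
// name "subjects", its columns and the connection details are assumed.

// Vulnerable pattern (hypothetical reconstruction of the bug class,
// not the project's source):
//   $sql = "SELECT * FROM subjects WHERE SubjectID=" . $_GET['SubjectID'];
// Non-numeric input such as "[sql]" reaches the database verbatim,
// which is why the reporter saw an SQL error.

function read_int_param(string $name): int {
    // FILTER_VALIDATE_INT rejects anything that is not a whole number;
    // answering 404 avoids leaking a database error message.
    $value = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($value === false || $value === null) {
        http_response_code(404);
        exit('Not found');
    }
    return $value;
}

$userId    = read_int_param('UserID');
$mainId    = read_int_param('MainID');
$subjectId = read_int_param('SubjectID');

$db = new mysqli('localhost', 'forum', 'secret', 'vbzoom'); // assumed
$db->set_charset('utf8mb4');

// Prepared statement: the values are bound as integers and never
// become part of the SQL text, so the validation above is defence
// in depth rather than the only barrier.
$stmt = $db->prepare(
    'SELECT Title, Body FROM subjects WHERE SubjectID = ? AND MainID = ?'
);
$stmt->bind_param('ii', $subjectId, $mainId);
$stmt->execute();
$result = $stmt->get_result();

while ($row = $result->fetch_assoc()) {
    // Output encoding keeps stored content from becoming a second bug.
    echo htmlspecialchars($row['Title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```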
Impact: A remote user can execute SQL commands on the underlying database.
Solution: No solution was available at the time of this entry.
Vendor URL: www.vbzoom.com/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: "abducter_minds@yahoo.com" <abducter_minds@yahoo.com>
Message History:
None.
Source Message Contents
Date: Tue, 26 Jul 2005 04:39:02 -0700 (PDT)
From: "abducter_minds@yahoo.com" <abducter_minds@yahoo.com>
Subject: SQL IN VBZOOM FORUM
HI ALL
VBZooM FORUM IS A POPULAR FORUM THAT HAS MANY VERSIONS. YOU CAN FIND THE SOURCE OF THE FORUM AT www.vbzoom.com
PROBLEM >>> THERE IS SQL INJECTION IN THE FILE NAMED show.php
if we type this link in the url www.victim.com/vbzoomforum/show.php?UserID=1&MainID=10&SubjectID=[sql]
it will make an error in sql
EXPLOIT >>> www.victim.com/vbzoomforum/show.php?UserID=1&MainID=10&SubjectID=[sql]
EXAMPLE >>>http://www.vbzoom.com/vz/show.php?UserID=1&MainID=10&SubjectID=[sql]
DISCOVERED BY >> ABDUCTER [ABDUCTER_MINDS@YAHOO.COM] OR [ABDUCTER_MINDS76@HOTMAIL.COM]
GREETS >>> FOR ALL ARAB {EGYPT}
MY FRIEND DEVIL
TO MY LOVE :(