SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Ikonboard
Vendors:   Ikonboard.com
Ikonboard Input Validation Holes in 'st' and 'keywords' Parameters Permit SQL Injection
SecurityTracker Alert ID:  1012598
SecurityTracker URL:  http://securitytracker.com/id/1012598
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Dec 16 2004
Original Entry Date:  Dec 16 2004
Impact:   Disclosure of system information, Disclosure of user information, Modification of user information
Exploit Included:  Yes  
Version(s): 3.1.0, 3.1.1, 3.1.2, and 3.1.3
Description:   Some input validation vulnerabilities were reported in Ikonboard. A remote user can inject SQL commands.

Alexander Anisimov of Positive Technologies reported that the 'ikonboard.cgi' script does not properly validate user-supplied input in the 'st' and 'keywords' parameters. A remote user can supply a specially crafted URL to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

http://[target]/support/ikonboard.cgi?act=ST&f=27&t=13066&hl=nickname&st=1'

http://[target]/support/ikonboard.cgi?act=Search&CODE=01&keywords='&type=name&forums=all&search_in=all&prune=0

The vendor has been notified.

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ikonboard.com/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [MaxPatrol] SQL-injection in Ikonboard 3.1.x





[MaxPatrol] SQL-injection in Ikonboard 3.1.x

   Release Date:     December 16, 2004
   Date Reported:    December 2, 2004
   Severity:         High
   Application:      Ikonboard 3.1.x
   Affects versions: 3.1.0, 3.1.1, 3.1.2 and 3.1.3.
   Platform:         PHP



I. DESCRIPTION

Input passed to the "st" and "keywords" parameters in "ikonboard.cgi" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


1) SQL injection in "st" parameter

Example:
http://host/support/ikonboard.cgi?act=ST&f=27&t=13066&hl=nickname&st=1'

Result:
Ikonboard CGI Error 
-----------------------------------------------------------------------
Ikonboard has exited with the following error: 

Can't query the data from 'forum_posts' Reason: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '', 20'

This error was reported at: line 1 Query: SELECT * FROM iB313_forum_posts WHERE TOPIC_ID = '13066' AND QUEUED <> '1' ORDER BY POST_DATE ASC LIMIT 1', 20 

Please note that your 'real' paths have been removed to protect your information. 
-----------------------------------------------------------------------


2) SQL injection in "keywords" parameter

Example:
http://host/support/ikonboard.cgi?act=Search&CODE=01&keywords='&type=name&forums=all&search_in=all&prune=0

Result:
Ikonboard CGI Error 
-----------------------------------------------------------------------
Ikonboard has exited with the following error: 

mySQL error
Can't query the data: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY DATE DESC LIMIT 0,200'

This error was reported at: line 1 

Please note that your 'real' paths have been removed to protect your information. 
-----------------------------------------------------------------------


This vulnerability was found automatically by the full-featured commercial version of MaxPatrol.


II. IMPACT

   A remote user may be able to execute arbitrary SQL commands on the underlying database.

III. SOLUTION

   Not available currently.


IV. VENDOR FIX/RESPONSE

   Notified.


V. CREDIT

   This vulnerability was discovered by Positive Technologies using MaxPatrol
   (http://www.maxpatrol.com) - an intellectual professional security scanner.
   It is able to detect a substantial number of vulnerabilities not yet
   published. MaxPatrol's intelligent algorithms are also capable of detecting
   a lot of vulnerabilities in custom web-scripts (XSS, SQL and code injections,
   HTTP Response splitting).
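
The query in the first error output shows the 'st' value landing unmodified in the LIMIT clause. The following added example (not Ikonboard's code and not part of the original advisory) contrasts that concatenation pattern with a validated, parameter-bound form for both 'st' and 'keywords'. It assumes Python with an in-memory SQLite database standing in for the board's MySQL backend; the function names, the un-prefixed table name and the sample rows are hypothetical.

```python
import re
import sqlite3

PAGE_SIZE = 20  # page size visible in the advisory's "LIMIT 1', 20" error

def build_query_vulnerable(topic_id, st):
    """Concatenation pattern implied by the error output: st lands in LIMIT as-is."""
    return ("SELECT * FROM forum_posts WHERE TOPIC_ID = '" + topic_id + "' "
            "AND QUEUED <> '1' ORDER BY POST_DATE ASC LIMIT " + st + ", 20")

def parse_offset(raw):
    """Accept only a plain non-negative decimal offset; reject everything else."""
    if not re.fullmatch(r"[0-9]{1,9}", raw or ""):
        raise ValueError("st must be a non-negative integer")
    return int(raw)

def fetch_posts(db, topic_id, st):
    """Hardened topic view: st validated, every value passed as a bound parameter."""
    offset = parse_offset(st)
    sql = ("SELECT POST FROM forum_posts WHERE TOPIC_ID = ? AND QUEUED <> '1' "
           "ORDER BY POST_DATE ASC LIMIT ?, ?")
    return db.execute(sql, (topic_id, offset, PAGE_SIZE)).fetchall()

def search_posts(db, keywords):
    """Hardened search: keywords bound as data, LIKE wildcards escaped."""
    esc = keywords.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT POST FROM forum_posts WHERE (POST LIKE ? ESCAPE '\\') "
           "ORDER BY POST_DATE DESC LIMIT 0, 200")
    return db.execute(sql, ("%" + esc + "%",)).fetchall()

def make_demo_db():
    """Constructed sample data, not taken from any real board."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE forum_posts "
               "(TOPIC_ID TEXT, QUEUED TEXT, POST_DATE INTEGER, POST TEXT)")
    db.executemany("INSERT INTO forum_posts VALUES (?, ?, ?, ?)", [
        ("13066", "0", 1, "first post"),
        ("13066", "0", 2, "second post by nickname"),
        ("13066", "1", 3, "queued post"),
        ("42", "0", 4, "it's 100% done"),
    ])
    return db

if __name__ == "__main__":
    db = make_demo_db()
    print(build_query_vulnerable("13066", "1'"))  # broken SQL, as in the advisory
    print(fetch_posts(db, "13066", "1"))
    print(search_posts(db, "'"))
```

With the hardened functions, a quote in 'st' is rejected before any SQL is built, and a quote in 'keywords' is searched for as literal text instead of terminating the string.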

 
 



Copyright 2020, SecurityGlobal.net LLC