Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Forum/Board/Portal)  >   Pentacle In-Out Board Vendors:   G2Soft.Net
Pentacle In-Out Board Input Validation Bugs in 'newsdetailsview.asp' and 'login.asp' Permit SQL Injection
SecurityTracker Alert ID:  1015682
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 25 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 6.03
Description:   A vulnerability was reported in Pentacle In-Out Board. A remote user can inject SQL commands. A remote user can bypass authentication.

The 'newsdetailsview.asp' script does not properly validate user-supplied input in the 'newsid' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

A demonstration exploit URL is provided:


The 'login.asp' script is also vulnerable. A remote user can exploit this to bypass authentication. A demonstration exploit URL is provided:

http://[site]/[ptdir]/login.asp?username=any&password=' or '1'='1

The vendor was notified on February 25, 2006.

Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI reported this vulnerability.

The original advisories are available at:

Impact:   A remote user can execute SQL commands on the underlying database. This can be exploited to bypass authentication.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-disclosure] Advisory: Pentacle In-Out Board <= 6.03

--Security Report--
Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL
Injection Vulnerability
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
Date: 25/02/06 06:08 AM
ICQ: 10072
Vendor: G2SOFT (
Version: 6.03 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL query to
Level: Critical
GET -> http://[site]/[ptdir]/newsdetailsview.asp?newsid=11%20[SQLCode]
With this example remote attacker could get admin's username and password.
* 25/02/2006: Vulnerability found.
* 25/02/2006: Contacted with vendor and waiting reply.
Original advisory:

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC