MaxWebPortal custom_link.asp Multiple Variable SQL Injection

2005-04-27T04:24:33
ID OSVDB:16318
Type osvdb
Reporter Soroush Dalili(irsdl@yahoo.com)
Modified 2005-04-27T04:24:33

Description

Vulnerability Description

MaxWebPortal contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'TOPIC_ID' and 'Forum_ID' variables in the 'custom_link.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, MaxWebPortal.com has released a patch to address this vulnerability.

Short Description

MaxWebPortal contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'TOPIC_ID' and 'Forum_ID' variables in the 'custom_link.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

Manual Testing Notes

custom_link.asp?method=Topic&TOPIC_ID=[Sql inject]
custom_link.asp?method=Forum&Forum_ID=[Sql inject]
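The fix for a flaw of this kind is to stop building SQL from the raw query-string values. The classic ASP snippet below is an added example written for this record, not MaxWebPortal's code or its patch: it shows how a page like custom_link.asp can read TOPIC_ID or Forum_ID, accept only a plain integer, and pass it to the database through an ADODB parameter rather than string concatenation. The table name FORUM_TOPICS, the column T_SUBJECT and the connection setup are assumptions for illustration.

```vbscript
<%
' Added example (not MaxWebPortal's code): reading TOPIC_ID / Forum_ID safely
' in a classic ASP page. Table and column names below are assumed.
Option Explicit

' ADO constants normally pulled in from adovbs.inc
Const adCmdText    = 1
Const adInteger    = 3
Const adParamInput = 1

' Return the query-string value as a Long only if it is a plain integer of
' at most 9 digits; anything else (empty, text, "1 OR 1=1", over-long) gives -1.
Function ReadIdParam(paramName)
    Dim raw, i
    raw = Trim(Request.QueryString(paramName))
    ReadIdParam = -1
    If Len(raw) = 0 Or Len(raw) > 9 Then Exit Function
    For i = 1 To Len(raw)
        If InStr("0123456789", Mid(raw, i, 1)) = 0 Then Exit Function
    Next
    ReadIdParam = CLng(raw)
End Function

' Look up a topic with a parameterised ADODB.Command, so the value is sent
' as data and can never change the shape of the SQL statement.
Function GetTopicTitle(conn, topicId)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT T_SUBJECT FROM FORUM_TOPICS WHERE TOPIC_ID = ?"  ' assumed schema
    cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , topicId)
    Set rs = cmd.Execute
    If rs.EOF Then
        GetTopicTitle = ""
    Else
        GetTopicTitle = rs("T_SUBJECT")
    End If
    rs.Close
End Function

Dim topicId, conn
topicId = ReadIdParam("TOPIC_ID")
If topicId < 0 Then
    ' Reject rather than repair: a non-numeric id is never a valid request here.
    Response.Status = "400 Bad Request"
    Response.Write "Invalid TOPIC_ID"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "<connection string - placeholder>"   ' assumed; supply the site's own
Response.Write Server.HTMLEncode(GetTopicTitle(conn, topicId))
conn.Close
%>
```

The same two steps apply to the Forum_ID branch (method=Forum): validate with ReadIdParam("Forum_ID") and query with a parameter. Rejecting non-numeric input early also makes the attempts shown in the testing notes above easy to spot in the web server logs, since they return 400 instead of a database error.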

References:

Vendor URL: http://www.maxwebportal.com/
Vendor Specific Solution URL: http://www.maxwebportal.info/downloads/mwp_security_fixes.zip
Vendor Specific News/Changelog Entry: http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update
Security Tracker: 1013845
Secunia Advisory ID: 15214
Secunia Advisory ID: 15329
Related OSVDB ID: 16306
Related OSVDB ID: 16307
Related OSVDB ID: 16308
Related OSVDB ID: 16309
Related OSVDB ID: 16310
Related OSVDB ID: 16311
Related OSVDB ID: 16312
Related OSVDB ID: 16313
Related OSVDB ID: 16314
Related OSVDB ID: 16315
Related OSVDB ID: 16316
Related OSVDB ID: 16317
CVE: CVE-2005-1417
Bugtraq ID: 13466