Forum Russian Board (FRB) memory.php Multiple Variable SQL Injection

2005-06-21T09:35:14
ID OSVDB:17504
Type osvdb
Reporter 1dt.w0lf & foster()
Modified 2005-06-21T09:35:14

Description

Vulnerability Description

Forum Russian Board (FRB) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'memory.php' script not properly sanitizing user-supplied input to the 'table_sql[users]' and 'table_sql[banlist]' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Forum Russian Board (FRB) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'memory.php' script not properly sanitizing user-supplied input to the 'table_sql[users]' and 'table_sql[banlist]' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Manual Testing Notes

memory.php?board_user_cook=1&board_user_id=1&board_user_passw=1&table_sql[users]=[SQL] memory.php?board_user_cook=1&board_user_id=1&board_user_passw=1&table_sql[users]=[DB].[TBL]&table_sql[banlist]=[SQL]

References:

Vendor URL: http://www.carline.ru/ Secunia Advisory ID:15787 Related OSVDB ID: 17494 Related OSVDB ID: 17496 Related OSVDB ID: 17506 Related OSVDB ID: 17485 Related OSVDB ID: 17500 Related OSVDB ID: 17502 Related OSVDB ID: 17484 Related OSVDB ID: 17486 Related OSVDB ID: 17495 Related OSVDB ID: 17498 Related OSVDB ID: 17503 Related OSVDB ID: 17505 Related OSVDB ID: 17507 Related OSVDB ID: 17497 Related OSVDB ID: 17499 Related OSVDB ID: 17501 Other Advisory URL: http://rst.void.ru/papers/advisory29.txt Bugtraq ID: 14045