ID: OSVDB:17587
Type: osvdb
Reporter: Dedi Dwianto (the_day@echo.or.id)
Modified: 2005-06-22T03:51:40
Description
Vulnerability Description
DUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'userEdit.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
{"edition": 1, "title": "DUforum userEdit.asp id Variable SQL Injection", "bulletinFamily": "software", "published": "2005-06-22T03:51:40", "lastseen": "2017-04-28T13:20:13", "history": [], "modified": "2005-06-22T03:51:40", "reporter": "Dedi Dwianto(the_day@echo.or.id)", "hash": "d0c4a13b0a9228a60e80b19ef1add3f635a69101cb600429dec2a510dc37dfbd", "viewCount": 5, "href": "https://vulners.com/osvdb/OSVDB:17587", "description": "## Vulnerability Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'userEdit.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'userEdit.asp' script not properly sanitizing user-supplied input to the 'id' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/DUforum/admin/userEdit.asp?id=[SQL Inject]\n## References:\nVendor URL: http://www.duware.com/\n[Secunia Advisory ID:15802](https://secuniaresearch.flexerasoftware.com/advisories/15802/)\n[Related OSVDB ID: 17584](https://vulners.com/osvdb/OSVDB:17584)\n[Related OSVDB ID: 17585](https://vulners.com/osvdb/OSVDB:17585)\n[Related OSVDB ID: 17586](https://vulners.com/osvdb/OSVDB:17586)\nOther Advisory URL: http://echo.or.id/adv/adv19-theday-2005.txt\n[Nessus Plugin ID:18567](https://vulners.com/search?query=pluginID:18567)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0172.html\nISS X-Force ID: 21130\n[CVE-2005-2048](https://vulners.com/cve/CVE-2005-2048)\nBugtraq ID: 14035\n", "affectedSoftware": [{"name": "DUforum", "version": "3.1", "operator": "eq"}], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "9d218545c0a102d09546f7733be223d2"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "de71fae6bb47c0f7b85f6722be75d738"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "209fd6b3b6922314d722f635b52545ce"}, {"key": "href", "hash": "ab71f05b0b694b8c7121ccf79d4ae723"}, {"key": "modified", "hash": "df2da5131f40dce025e53b833e173b5b"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "df2da5131f40dce025e53b833e173b5b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "65bfa6c7727586bfdb190917d312a28d"}, {"key": "title", "hash": "880387c929696c3a6f628254d31dbb65"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2017-04-28T13:20:13"}, "dependencies": {"references": [{"type": "cve", 
"idList": ["CVE-2005-2048"]}, {"type": "osvdb", "idList": ["OSVDB:17586", "OSVDB:17585", "OSVDB:17584"]}, {"type": "exploitdb", "idList": ["EDB-ID:25870", "EDB-ID:25869", "EDB-ID:25868"]}, {"type": "nessus", "idList": ["DUFORUM_SQL_INJECTIONS.NASL"]}], "modified": "2017-04-28T13:20:13"}, "vulnersScore": 7.6}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2005-2048"], "id": "OSVDB:17587"}
{"cve": [{"lastseen": "2019-05-29T18:08:14", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.", "modified": "2018-10-19T15:32:00", "id": "CVE-2005-2048", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2048", "published": "2005-06-22T04:00:00", "title": "CVE-2005-2048", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T02:20:51", "bulletinFamily": "exploit", "description": "DUware DUforum 3.0/3.1 post.asp iFor Parameter SQL Injection. CVE-2005-2048. Webapps exploit for asp platform", "modified": "2005-06-22T00:00:00", "published": "2005-06-22T00:00:00", "id": "EDB-ID:25869", "href": "https://www.exploit-db.com/exploits/25869/", "type": "exploitdb", "title": "DUware DUforum 3.0/3.1 post.asp iFor Parameter SQL Injection", "sourceData": "source: http://www.securityfocus.com/bid/14035/info\r\n \r\nDUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.\r\n \r\nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. \r\n\r\nhttp://www.example.com/DUforum/post.asp?iFor=6[SQL Inject] ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25869/"}, {"lastseen": "2016-02-03T02:20:58", "bulletinFamily": "exploit", "description": "DUware DUforum 3.0/3.1 forums.asp iFor Parameter SQL Injection. CVE-2005-2048. 
Webapps exploit for asp platform", "modified": "2005-06-22T00:00:00", "published": "2005-06-22T00:00:00", "id": "EDB-ID:25870", "href": "https://www.exploit-db.com/exploits/25870/", "type": "exploitdb", "title": "DUware DUforum 3.0/3.1 forums.asp iFor Parameter SQL Injection", "sourceData": "source: http://www.securityfocus.com/bid/14035/info\r\n \r\nDUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.\r\n \r\nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. \r\n\r\nhttp://www.example.com/DUforum/forums.asp?iFor=[SQL Inject] ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25870/"}, {"lastseen": "2016-02-03T02:20:44", "bulletinFamily": "exploit", "description": "DUware DUforum 3.0/3.1 messages.asp iMsg Parameter SQL Injection. CVE-2005-2048 . Webapps exploit for asp platform", "modified": "2005-06-22T00:00:00", "published": "2005-06-22T00:00:00", "id": "EDB-ID:25868", "href": "https://www.exploit-db.com/exploits/25868/", "type": "exploitdb", "title": "DUware DUforum 3.0/3.1 messages.asp iMsg Parameter SQL Injection", "sourceData": "source: http://www.securityfocus.com/bid/14035/info\r\n\r\nDUforum is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.\r\n\r\nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. 
\r\n\r\nhttp://www.example.com/DUforum/messages.asp?iMsg=[SQL Inject]248&iFor=6 ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25868/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "description": "## Vulnerability Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'post.asp' script not properly sanitizing user-supplied input to the 'iFor' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'post.asp' script not properly sanitizing user-supplied input to the 'iFor' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/DUforum/post.asp?iFor=6[SQL Inject]\n## References:\nVendor URL: http://www.duware.com/\n[Secunia Advisory ID:15802](https://secuniaresearch.flexerasoftware.com/advisories/15802/)\n[Related OSVDB ID: 17584](https://vulners.com/osvdb/OSVDB:17584)\n[Related OSVDB ID: 17587](https://vulners.com/osvdb/OSVDB:17587)\n[Related OSVDB ID: 17586](https://vulners.com/osvdb/OSVDB:17586)\nOther Advisory URL: http://echo.or.id/adv/adv19-theday-2005.txt\n[Nessus Plugin ID:18567](https://vulners.com/search?query=pluginID:18567)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0172.html\nISS X-Force ID: 21130\n[CVE-2005-2048](https://vulners.com/cve/CVE-2005-2048)\nBugtraq ID: 14035\n", "modified": "2005-06-22T03:51:40", "published": "2005-06-22T03:51:40", "href": "https://vulners.com/osvdb/OSVDB:17585", "id": "OSVDB:17585", "title": "DUforum post.asp iFor Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "description": "## Vulnerability Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.asp' script not properly sanitizing user-supplied input to the 'iFor' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.asp' script not properly sanitizing user-supplied input to the 'iFor' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/DUforum/forums.asp?iFor=[SQL Inject]\n## References:\nVendor URL: http://www.duware.com/\n[Secunia Advisory ID:15802](https://secuniaresearch.flexerasoftware.com/advisories/15802/)\n[Related OSVDB ID: 17584](https://vulners.com/osvdb/OSVDB:17584)\n[Related OSVDB ID: 17587](https://vulners.com/osvdb/OSVDB:17587)\n[Related OSVDB ID: 17585](https://vulners.com/osvdb/OSVDB:17585)\nOther Advisory URL: http://echo.or.id/adv/adv19-theday-2005.txt\n[Nessus Plugin ID:18567](https://vulners.com/search?query=pluginID:18567)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0172.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0034.html\nISS X-Force ID: 21130\n[CVE-2005-2048](https://vulners.com/cve/CVE-2005-2048)\nBugtraq ID: 14035\n", "modified": "2005-06-22T03:51:40", "published": "2005-06-22T03:51:40", "href": "https://vulners.com/osvdb/OSVDB:17586", "id": "OSVDB:17586", "title": "DUforum forums.asp iFor Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "description": "## Vulnerability Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'messages.asp' script not properly sanitizing user-supplied input to the 'iMsg' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDUforum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. 
The issue is due to the 'messages.asp' script not properly sanitizing user-supplied input to the 'iMsg' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/DUforum/messages.asp?iMsg=[SQL Inject]248&iFor=6\n## References:\nVendor URL: http://www.duware.com/\n[Secunia Advisory ID:15802](https://secuniaresearch.flexerasoftware.com/advisories/15802/)\n[Related OSVDB ID: 17587](https://vulners.com/osvdb/OSVDB:17587)\n[Related OSVDB ID: 17585](https://vulners.com/osvdb/OSVDB:17585)\n[Related OSVDB ID: 17586](https://vulners.com/osvdb/OSVDB:17586)\nOther Advisory URL: http://echo.or.id/adv/adv19-theday-2005.txt\n[Nessus Plugin ID:18567](https://vulners.com/search?query=pluginID:18567)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0172.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0034.html\nISS X-Force ID: 21130\n[CVE-2005-2048](https://vulners.com/cve/CVE-2005-2048)\nBugtraq ID: 14035\n", "modified": "2005-06-22T03:51:40", "published": "2005-06-22T03:51:40", "href": "https://vulners.com/osvdb/OSVDB:17584", "id": "OSVDB:17584", "title": "DUforum messages.asp iMsg Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T02:26:11", "bulletinFamily": "scanner", "description": "The remote host is running DUforum, a web-based message board written\nin ASP from DUware. \n\nThe installed version of DUforum fails to properly sanitize user-\nsupplied input in several instances before using it in SQL queries. 
\nBy exploiting these flaws, an attacker can affect database queries,\npossibly disclosing sensitive data and launching attacks against the\nunderlying database.", "modified": "2019-11-02T00:00:00", "id": "DUFORUM_SQL_INJECTIONS.NASL", "href": "https://www.tenable.com/plugins/nessus/18567", "published": "2005-06-28T00:00:00", "title": "DUforum Multiple Scripts SQL Injection", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18567);\n script_version(\"1.15\");\n\n script_cve_id(\"CVE-2005-2048\");\n script_bugtraq_id(14035);\n\n script_name(english:\"DUforum Multiple Scripts SQL Injection\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains an ASP application that is vulnerable\nto multiple SQL injection attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running DUforum, a web-based message board written\nin ASP from DUware. \n\nThe installed version of DUforum fails to properly sanitize user-\nsupplied input in several instances before using it in SQL queries. 
\nBy exploiting these flaws, an attacker can affect database queries,\npossibly disclosing sensitive data and launching attacks against the\nunderlying database.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://echo.or.id/adv/adv19-theday-2005.txt\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2005/Jun/175\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/06/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/06/22\");\n script_cvs_date(\"Date: 2018/11/15 20:50:16\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for multiple SQL injection vulnerabilities in DUforum\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/ASP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\nif (!can_host_asp(port:port)) exit(0);\n\n\n# Loop through CGI directories.\nforeach dir (cgi_dirs()) {\n # Try to exploit one of the flaws.\n u = string(\n dir, \"/forums.asp?\",\n \"iFor=\", SCRIPT_NAME, \"'\"\n );\n r = http_send_recv3(port:port, method: \"GET\", 
item: u);\n if (isnull(r)) exit(0);\n\n # There's a problem if...\n if (\n # it looks like DUforum and...\n 'href=\"assets/DUforum.css\" rel=\"stylesheet\"' >< r[2] && \n # there's a syntax error.\n string(\"Syntax error in string in query expression 'FOR_ID = \", SCRIPT_NAME, \"'\") >< r[2]\n ) {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}