6kbbs 8.0 SQL Injection

`*6kbbs v8.0 SQL Injection Security Vulnerabilities*  
  
  
Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities  
Vendor: 6kbbs  
Product: 6kbbs  
Vulnerable Versions: v7.1 v8.0  
Tested Version: v7.1 v8.0  
Advisory Publication: April 01, 2015  
Latest Update: April 01, 2015  
Vulnerability Type: Improper Neutralization of Special Elements used in an  
SQL Command ('SQL Injection') [CWE-89]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)  
Impact Subscore: 6.4  
Exploitability Subscore: 10.0  
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University  
(NTU), Singapore]  
  
  
  
  
  
  
  
*Suggestion Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
6kbbs  
  
  
  
*Product & Vulnerable Versions:*  
6kbbs  
v7.1  
v8.0  
  
  
  
*Vendor URL & download:*  
6kbbs can be obtained from here,  
http://www.6kbbs.com/download.html  
http://www.bvbcode.com/code/93n8as2z-down  
  
  
  
*Product Introduction Overview:*  
"6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the  
code simple, easy to use, powerful, fast and so on. It is an excellent  
community forum program. The program is simple but not simple; fast, small;  
Interface generous and good scalability; functional and practical pursuing  
superior performance, good interface, the user's preferred utility  
functions."  
  
"Interface: Using XHTML + CSS architecture, so that the structure of the  
page, easy to modify the interface; save the transmission of static page  
code, greatly reducing the amount of data transmitted over the network;  
improve the interface scalability, more in line with WEB standards, support  
Internet Explorer, FireFox, Opera and other mainstream browsers. The  
program: using ASP + ACCESS mature technology, the installation process is  
extremely simple, the operating environment is also very common."  
  
  
  
  
*(2) Vulnerability Details:*  
6kbbs web application has a security bug problem. It can be exploited by  
SQL Injection attacks. This may allow an attacker to inject or manipulate  
SQL queries in the back-end database, allowing for the manipulation or  
disclosure of arbitrary data.  
  
Several 6kbbs products 0-day vulnerabilities have been found by some other  
bug hunter researchers before. 6kbbs has patched some of them. Open Sourced  
Vulnerability Database (OSVDB) is an independent and open-sourced database.  
The goal of the project is to provide accurate, detailed, current, and  
unbiased technical information on security vulnerabilities. The project  
promotes greater, open collaboration between companies and individuals. It  
has published suggestions, advisories, solutions details related to 6kbbs  
vulnerabilities.  
  
  
*(2.1) *The first code programming flaw occurs at "/ajaxmember.php?" page  
with "&userid" parameter.  
  
*(2.2) *The second code programming flaw occurs at "/admin.php?" page with  
"&inc" parameter.  
  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/sql-injection-vulnerability/6kbbs-v8-0-sql-injection-security-vulnerabilities/  
http://securityrelated.blogspot.com/2015/04/6kbbs-v80-sql-injection-security.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-sql-injection-security-vulnerabilities/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-sql-injection-security-vulnerabilities/  
https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-sql-injection-security-vulnerabilities/  
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2  
http://packetstormsecurity.com/files/authors/11270  
http://www.osvdb.org/show/osvdb/117505  
http://milw00rm.net/exploits/6367  
  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/justqdjing  
  
  
`