EV0090.txt

2006-03-13T00:00:00
ID PACKETSTORM:44616
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-03-13T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
Vegas Forum SQL Injection Vulnerability  
http://evuln.com/vulns/90/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0090  
CVE: CVE-2006-1020  
Software: Vegas Forum  
Sowtware's Web Site: http://www.battlereports.com/downloads.php  
Versions: 1.0  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
PoC/Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable script: forumlib.php  
  
Variable $postid isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
--------------PoC/Exploit----------------------  
Available at: http://evuln.com/vulns/90/exploit.html  
  
SQL Injection Example:  
  
http://host/forum.php?postid=999% 20or%201  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
`