Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

fusetalkpoc-sql.txt

🗓️ 20 Jun 2007 00:00:00Reported by Ivan AlmuinaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

advisory on SQL Injection in FuseTalk produc

Show more
Code
`Hello everyone,  
  
After trying to report bugs to FuseTalk, and seeing them providing patches to  
customers (dropping new fixed .cfm files in a private place reserved to  
customers) without giving proper credits and without reporting them publicly  
(we were following the Full Disclosure Policy v2.0), we decided to release  
the advisories. It's a kinda weird attitude from a company that sold its  
product to the NASA, Bloomberg, Adobe, AMD, etc. Here is the first one:  
------------------------  
Advisory: FuseTalk affected by a SQL Injection  
Product: FuseTalk Basic/Standard/Enterprise ColdFusion version  
Version: unknown, it seems the vendor fixed the bug silently in latest version  
Risk: Medium  
Reported on: April 17, 2007  
Vendor: FuseTalk  
Impact: data manipulation  
  
Product Overview  
------------------------  
With an easy-to-use, intuitive administration system, extensive customization  
capabilities and a rich feature set, FuseTalk is a pleasure to use for both  
administrators and forum members. Full RDBMS support, high performance and full  
linear scalability allow FuseTalk to meet your demands.Over 1,000 customers use  
FuseTalk to deliver the benefits of collaborative online communities, including  
VCampus, Rockwell, Seagate Software, Macromedia, Hasbro, U.S. Air Force, AT&T,  
Citicorp, McCormick and Company, Adobe, eBay, AnandTech, NASA, Bloomberg,  
the U.S. Dept. of Energy, etc.  
  
Summary  
------------------------  
old versions of FuseTalk are vulnerable to a classic SQL Injection bug that  
leads to data manipulation.  
  
Technical Details  
------------------------  
The problem lies in the /forum/include/error/autherror.cfm script,the variable  
*errorcode* is not sanitized.  
  
Proof of Concept (PoC)  
------------------------  
http://[srv]/forum/include/error/autherror.cfm?FTVAR_URLP=x&errorcode=SQL_INJ  
  
Credit  
------------------------  
Discovered by Ivan Almuina of Fastcom Technology SA.  
  
Contact  
------------------------  
almuina at domainname (following domain)  
fastcom-technology.com  
  
Disclaimer  
------------------------  
The information within this paper may change without notice.  
Use of this information constitutes acceptance for use in an AS IS condition.  
There are no warranties, implied or express, with regard to this information.  
In no event shall the author be liable for any direct or indirect damages  
whatsoever arising out of or in connection with the use or spread of this  
information. Any use of this information is at the user's own risk.  
---  
  
More fusetalk advisories to come,  
  
  
--   
Ivan Almuina  
  
Fastcom Technology S.A.  
Phone: +41 21 619 06 70  
Fax: +41 21 619 06 71  
Internet: http://www.fastcom-technology.com/  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
20 Jun 2007 00:00Current
fusetalksql injectiondata manipulationvulnerabilitycoldfusionsecurity advisoryfastcom technology sa
36
.json
Report