Fuse Talk vulnerability

2001-11-02T00:00:00
ID SECURITYVULNS:DOC:2148
Type securityvulns
Reporter Securityvulns
Modified 2001-11-02T00:00:00

Description

e-zonemedia's Fuse Talk is vulnerable to malicious SQL. Improper form sanitization makes it possible for any user to manipulate data as (s)he feels fit. On the sign up form (join.cfm) is possible to pass a well crafted form variable to the action template (it's the same template subsequently join.cfm) that will execute malicious SQL. This is made possible by not filtering the (;) semi-colon. Examine the following code:

1;delete from users

or

1;exec sp_addlogin "OsamaBinLadenSucks"

I don't need to tell you the impact of this code. Time and time again I see you guys emphasize the need for proper form validation, but some people don't listen. I would have notified the company (www.e-mediazone.com), but I think this news would be better delivered by a organization known as a leader in security. I trust if you choose to publish this vulnerability, you would do so only after the problem has been rectified.

Thanks

Cole.

p.s. I've attached the faulty template for your inspection. (look near line 241)