ID SSV:69486 Type seebug Reporter Root Modified 2014-07-01T00:00:00
Description
No description provided by source.
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
Name WhiteBoard
Vendor http://sarosoftware.com
Versions Affected 0.1.30
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-07-24
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX
I. ABOUT THE APPLICATION
________________________
WhiteBoard is a fast, powerful, and free open source
discussion board solution. The project started in March
of 2007, and its recent release is the culmination of
three years of hard work. Developed by a Zend Certified
PHP Engineer, this discussion board uses advanced
algorithms and features which previously were only
available in paid discussion board solutions.
II. DESCRIPTION
_______________
Some parameters in controlpanel.php are not properly
sanitised before being used in SQL queries.
III. ANALYSIS
_____________
Summary:
A) Multiple Blind SQL Injection
A) Multiple Blind SQL Injection
______________________
The parameters email and displayname sent via POST to
controlpanel.php are not properly sanitised before being
used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc"
is disabled.
IV. SAMPLE CODE
_______________
A) Multiple Blind SQL Injection
1 - Log in as a normal user.
2 - Go to index.php?act=controlPanel
Try the following code as "Display Name" or "E-mail":
' OR (SELECT(IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)))#
V. FIX
______
No fix.
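Since the advisory lists no vendor fix, the following is an added example (not WhiteBoard's code and not from the advisory author) of handling the email and displayname POST fields with bound parameters rather than relying on magic_quotes_gpc. The function name, the users table and its column names are assumptions, and the demo runs on an in-memory SQLite database with constructed data.

```php
<?php
declare(strict_types=1);

// Hypothetical helper; WhiteBoard's real schema and code are not shown in the advisory.
// $userId should come from the authenticated session, never from the request body.
function updateProfile(PDO $pdo, int $userId, string $email, string $displayName): bool
{
    // Shape validation limits junk data; it is not the injection defence.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $displayName = trim($displayName);
    if ($displayName === '' || strlen($displayName) > 64) {
        return false;
    }

    // Placeholders keep both values out of the SQL text, so quotes and
    // comment markers in them are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare(
        'UPDATE users SET email = :email, displayname = :name WHERE id = :id'
    );
    return $stmt->execute([
        ':email' => $email,
        ':name'  => $displayName,
        ':id'    => $userId,
    ]);
}

// Demo setup (constructed data). With MySQL, also set
// PDO::ATTR_EMULATE_PREPARES to false so the server performs the binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, displayname TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'a@example.com', 'alice'), (2, 'b@example.com', 'bob')");

// Constructed input containing a quote and a comment marker.
$suspect = "alice' OR 1=1 #";
updateProfile($pdo, 1, 'a@example.com', $suspect);

// Row 1 holds the literal string; row 2 is untouched.
foreach ($pdo->query('SELECT id, displayname FROM users ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['displayname'], PHP_EOL;
}
```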