WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities

2010-07-25T00:00:00
ID 1337DAY-ID-13475
Type zdt
Reporter Salvatore Fresta
Modified 2010-07-25T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==============================================================
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
==============================================================


 Name              WhiteBoard
 Vendor            http://sarosoftware.com
 Versions Affected 0.1.30
 
 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-07-24
 
X. INDEX
 
 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
  
 
I. ABOUT THE APPLICATION
________________________
 
WhiteBoard  is  a  fast,  powerful, and free open source
discussion board solution.  The project started in March
of 2007,  and  its  recent release is the culmination of
three  years of hard work. Developed by a Zend Certified
PHP  Engineer,   this  discussion  board  uses  advanced
algorithms  and  features  which  previously  were  only
available in paid discussion board solutions.
 
 
II. DESCRIPTION
_______________
 
Some  parameters  in  controlpanel.php  are not properly
sanitised before being used in SQL queries.
 
 
III. ANALYSIS
_____________
 
Summary:
 
 A) Multiple Blind SQL Injection
  
 
A) Multiple Blind SQL Injection
______________________
 
The  parameters  email and displayname  sent via POST to
controlpanel.php are not properly sanitised before being
used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
 
Successful exploitation  requires that "magic_quotes_gpc"
is disabled.
 
 
IV. SAMPLE CODE
_______________
 
A) Multiple Blind SQL Injection
 
1 - Login as a normal user.
2 - Go to index.php?act=controlPanel
 
Try the following code as "Display Name" or "E-mail":
 
' OR (SELECT(IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)))#
 
 
V. FIX
______
 
No fix.



#  0day.today [2018-04-10]  #