Secunia Security Advisory - Abducter has discovered some vulnerabilities in Pearl Forums, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information. 1) Input passed to the forumsId and topicId parameters in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the mode parameter in index.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerabilities have been confirmed in version 2.4 and has also been reported in version 2.0. Other versions may also be affected.
241875297444cd4a4e33999e1bb7785220e8336ff7bf7fd393d80a6a4fbdf7a1
TITLE:
Pearl Forums SQL Injection and Local File Inclusion Vulnerabilities
SECUNIA ADVISORY ID:
SA17533
VERIFY ADVISORY:
http://secunia.com/advisories/17533/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Pearl Forums 2.x
http://secunia.com/product/6117/
DESCRIPTION:
Abducter has discovered some vulnerabilities in Pearl Forums, which
can be exploited by malicious people to conduct SQL injection attacks
and disclose sensitive information.
1) Input passed to the "forumsId" and "topicId" parameters in
"index.php" isn't properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.
2) Input passed to the "mode" parameter in "index.php" isn't properly
verified, before it is used to include files. This can be exploited to
include arbitrary files from local resources.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been confirmed in version 2.4 and has also
been reported in version 2.0. Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Abducter
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------