what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

fusetalkpoc-sql.txt

fusetalkpoc-sql.txt
Posted Jun 20, 2007
Authored by Ivan Almuina | Site fastcom-technology.com

FuseTalk version 2.0 suffers from a SQL injection vulnerability in autherror.cfm.

tags | exploit, sql injection
SHA-256 | 5ebbcffcaeb54aea7359861858adc1e00f52b63b66cc98e800d62c35c2366cd1

fusetalkpoc-sql.txt

Change Mirror Download
Hello everyone,

After trying to report bugs to FuseTalk, and seeing them providing patches to
customers (dropping new fixed .cfm files in a private place reserved to
customers) without giving proper credits and without reporting them publicly
(we were following the Full Disclosure Policy v2.0), we decided to release
the advisories. It's a kinda weird attitude from a company that sold its
product to the NASA, Bloomberg, Adobe, AMD, etc. Here is the first one:
------------------------
Advisory: FuseTalk affected by a SQL Injection
Product: FuseTalk Basic/Standard/Enterprise ColdFusion version
Version: unknown, it seems the vendor fixed the bug silently in latest version
Risk: Medium
Reported on: April 17, 2007
Vendor: FuseTalk
Impact: data manipulation

Product Overview
------------------------
With an easy-to-use, intuitive administration system, extensive customization
capabilities and a rich feature set, FuseTalk is a pleasure to use for both
administrators and forum members. Full RDBMS support, high performance and full
linear scalability allow FuseTalk to meet your demands.Over 1,000 customers use
FuseTalk to deliver the benefits of collaborative online communities, including
VCampus, Rockwell, Seagate Software, Macromedia, Hasbro, U.S. Air Force, AT&T,
Citicorp, McCormick and Company, Adobe, eBay, AnandTech, NASA, Bloomberg,
the U.S. Dept. of Energy, etc.

Summary
------------------------
old versions of FuseTalk are vulnerable to a classic SQL Injection bug that
leads to data manipulation.

Technical Details
------------------------
The problem lies in the /forum/include/error/autherror.cfm script,the variable
*errorcode* is not sanitized.

Proof of Concept (PoC)
------------------------
http://[srv]/forum/include/error/autherror.cfm?FTVAR_URLP=x&errorcode=SQL_INJ

Credit
------------------------
Discovered by Ivan Almuina of Fastcom Technology SA.

Contact
------------------------
almuina at domainname (following domain)
fastcom-technology.com

Disclaimer
------------------------
The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are no warranties, implied or express, with regard to this information.
In no event shall the author be liable for any direct or indirect damages
whatsoever arising out of or in connection with the use or spread of this
information. Any use of this information is at the user's own risk.
---

More fusetalk advisories to come,


--
Ivan Almuina

Fastcom Technology S.A.
Phone: +41 21 619 06 70
Fax: +41 21 619 06 71
Internet: http://www.fastcom-technology.com/
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close