Skate Board Multiple Vulnerabilities

2006.03.05
Risk: High
Local: No
Remote: Yes
CWE: N/A

New eVuln Advisory:
Skate Board Multiple Vulnerabilities
http://evuln.com/vulns/84/summary.html

--------------------Summary----------------
eVuln ID: EV0084
CVE: CVE-2006-0809 CVE-2006-0810 CVE-2006-0811
Software: Skate Board
Software's Web Site: http://bb.jiraiya.se/main.php?content=start
Versions: 0.9
Critical Level: Dangerous
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
1. SQL Injection.

Vulnerable script: includes/root/sendpass.php

The variable $_POST[usern] is not properly sanitized before being used in a SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc - off

2. Authentication Bypass.

Vulnerable scripts:
includes/root/login.php
includes/root/logged.php

The variables $_POST[usern], $_POST[passwd] and $_COOKIE[sf_cookie] are not properly sanitized before being used in a SQL query. This can be used to run any SQL query by injecting arbitrary SQL code, and to bypass authorization.

Condition: magic_quotes_gpc - off

3. PHP Code Injection.

The administrator is able to edit the values of variables in config.php. This can be used to inject arbitrary PHP code. System access is possible.

4. Multiple Cross-Site Scripting.

Vulnerable script: includes/root/reguser.php

None of the user-defined data from the registration form is properly sanitized. This can be used to inject arbitrary HTML or script code.

--------------Exploit----------------------
Available at: http://evuln.com/vulns/84/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
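Since no patch is available, the sketch below shows the kind of fix items 1, 2 and 4 call for: bound query parameters for the user name, password and cookie lookups, and output escaping for registration data. It is an added example, not code from Skate Board or from the advisory; the table, column and function names and the sample inputs are hypothetical, and it assumes PHP 7.1 or later with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and sample data, constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (usern TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (usern, pass_hash) VALUES (?, ?)');
$ins->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Look up a user with a bound parameter: the value never becomes SQL text,
// so the result does not depend on magic_quotes_gpc or any other escaping.
function find_user(PDO $db, string $usern): ?array
{
    $st = $db->prepare('SELECT usern, pass_hash FROM users WHERE usern = ?');
    $st->execute([$usern]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login check: fetch the row by name, then compare the password in PHP
// instead of concatenating either value into the query.
function check_login(PDO $db, string $usern, string $passwd): bool
{
    $row = find_user($db, $usern);
    return $row !== null && password_verify($passwd, $row['pass_hash']);
}

// Escape user-supplied registration data at the point it is written to HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a legitimate name containing a quote, a wrong
// password, and a string of SQL metacharacters that must match no row.
var_dump(check_login($db, "o'neil", 'correct horse'));
var_dump(check_login($db, "o'neil", 'wrong'));
var_dump(find_user($db, "'\";--"));
echo h("<b>o'neil</b>"), "\n";
```

A value read from $_COOKIE would be passed through the same bound-parameter lookup as the form fields.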


Copyright 2024, cxsecurity.com

 
