*6kbbs v8.0 SQL Injection Security Vulnerabilities*
Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command ('SQL Injection') [CWE-89]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University
(NTU), Singapore]
*Suggestion Details:*
*(1) Vendor & Product Description:*
*Vendor:*
6kbbs
*Product & Vulnerable Versions:*
6kbbs
v7.1
v8.0
*Vendor URL & download:*
6kbbs can be obtained from here,
http://www.6kbbs.com/download.html
http://www.bvbcode.com/code/93n8as2z-down
*Product Introduction Overview:*
"6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the
code simple, easy to use, powerful, fast and so on. It is an excellent
community forum program. The program is simple but not simple; fast, small;
Interface generous and good scalability; functional and practical pursuing
superior performance, good interface, the user's preferred utility
functions."
"Interface: Using XHTML + CSS architecture, so that the structure of the
page, easy to modify the interface; save the transmission of static page
code, greatly reducing the amount of data transmitted over the network;
improve the interface scalability, more in line with WEB standards, support
Internet Explorer, FireFox, Opera and other mainstream browsers. The
program: using ASP + ACCESS mature technology, the installation process is
extremely simple, the operating environment is also very common."
*(2) Vulnerability Details:*
6kbbs web application has a security bug problem. It can be exploited by
SQL Injection attacks. This may allow an attacker to inject or manipulate
SQL queries in the back-end database, allowing for the manipulation or
disclosure of arbitrary data.
Several 6kbbs products 0-day vulnerabilities have been found by some other
bug hunter researchers before. 6kbbs has patched some of them. Open Sourced
Vulnerability Database (OSVDB) is an independent and open-sourced database.
The goal of the project is to provide accurate, detailed, current, and
unbiased technical information on security vulnerabilities. The project
promotes greater, open collaboration between companies and individuals. It
has published suggestions, advisories, solutions details related to 6kbbs
vulnerabilities.
*(2.1) *The first code programming flaw occurs at "/ajaxmember.php?" page
with "&userid" parameter.
*(2.2) *The second code programming flaw occurs at "/admin.php?" page with
"&inc" parameter.
*References:*
http://www.tetraph.com/security/sql-injection-vulnerability/6kbbs-v8-0-sql-injection-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/04/6kbbs-v80-sql-injection-security.html
http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-sql-injection-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-sql-injection-security-vulnerabilities/
https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-sql-injection-security-vulnerabilities/
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://packetstormsecurity.com/files/authors/11270
http://www.osvdb.org/show/osvdb/117505
http://milw00rm.net/exploits/6367
--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing