6kbbs v8.0 SQL Injection Security Vulnerabilities

2015.04.07
Credit: Wang Jing
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

*6kbbs v8.0 SQL Injection Security Vulnerabilities* Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1 v8.0 Tested Version: v7.1 v8.0 Advisory Publication: April 01, 2015 Latest Update: April 01, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend) Impact Subscore: 6.4 Exploitability Subscore: 10.0 Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore] *Suggestion Details:* *(1) Vendor & Product Description:* *Vendor:* 6kbbs *Product & Vulnerable Versions:* 6kbbs v7.1 v8.0 *Vendor URL & download:* 6kbbs can be obtained from here, http://www.6kbbs.com/download.html http://www.bvbcode.com/code/93n8as2z-down *Product Introduction Overview:* "6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small; Interface generous and good scalability; functional and practical pursuing superior performance, good interface, the user's preferred utility functions." "Interface: Using XHTML + CSS architecture, so that the structure of the page, easy to modify the interface; save the transmission of static page code, greatly reducing the amount of data transmitted over the network; improve the interface scalability, more in line with WEB standards, support Internet Explorer, FireFox, Opera and other mainstream browsers. The program: using ASP + ACCESS mature technology, the installation process is extremely simple, the operating environment is also very common." *(2) Vulnerability Details:* 6kbbs web application has a security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Several 6kbbs products 0-day vulnerabilities have been found by some other bug hunter researchers before. 6kbbs has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to 6kbbs vulnerabilities. *(2.1) *The first code programming flaw occurs at "/ajaxmember.php?" page with "&userid" parameter. *(2.2) *The second code programming flaw occurs at "/admin.php?" page with "&inc" parameter. *References:* http://www.tetraph.com/security/sql-injection-vulnerability/6kbbs-v8-0-sql-injection-security-vulnerabilities/ http://securityrelated.blogspot.com/2015/04/6kbbs-v80-sql-injection-security.html http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-sql-injection-security-vulnerabilities/ http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-sql-injection-security-vulnerabilities/ https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-sql-injection-security-vulnerabilities/ http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2 http://packetstormsecurity.com/files/authors/11270 http://www.osvdb.org/show/osvdb/117505 http://milw00rm.net/exploits/6367 -- Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://twitter.com/justqdjing

References:

http://www.tetraph.com/security/sql-injection-vulnerability/6kbbs-v8-0-sql-injection-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/04/6kbbs-v80-sql-injection-security.html
http://www.inzeed.com/kaleidoscope/computer-web-security/6kbbs-v8-0-sql-injection-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-sql-injection-security-vulnerabilities/
https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-sql-injection-security-vulnerabilities/
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://packetstormsecurity.com/files/authors/11270
http://www.osvdb.org/show/osvdb/117505
http://milw00rm.net/exploits/6367


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top