by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

Orca forum 4.3.x "msg" Sql inj.

Vuln. discovered by: r0t
Date: 23 Nov. 2005
Vendor: http://www.greywyvern.com/orca
Affected version: 4.3b and prior

Product description:
Looking for a simple feedback or discussion forum for your website? Not every site is big enough for scripts like phpBB, which take up an entire page and load you with logins and options that discourage casual contributors.
The Orca Forum is a free and simple discussion board script which can be integrated directly with your existing page layout, or used on its own. It sports the favorite features of the big guys: avatars, email notification, and a BBCode derivative; while retaining the simplicity of an open newsgroup. The threaded layout presents a newsgroup-style navigation system, and also includes a search function, ability to mark posts by date, and the option to order threads by last post (the "bump" system) or original post date (newsgroup style).

Vuln. description:
Input passed to the "msg" parameter in "forum.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Example:
http://host/forum.php?msg=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
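
What that fix looks like in practice, as an added example (not Orca Forum's own code and not part of the original advisory): the concatenated query pattern beside a validated, parameterised one. The table layout, the function names, the in-memory SQLite database and the assumption that "msg" is a numeric post id are all hypothetical.

```php
<?php
// Added example, not Orca Forum source. Table/column names, function names
// and the assumption that "msg" is a numeric post id are hypothetical.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, hidden INTEGER, body TEXT)');
$db->exec("INSERT INTO posts VALUES (1, 0, 'public post'), (2, 1, 'moderator-only post')");

// Pattern the advisory describes: request input concatenated into the query text,
// so the input becomes part of the SQL grammar instead of a value.
function fetchPostUnsafe(PDO $db, string $msg): array
{
    $sql = 'SELECT id, body FROM posts WHERE hidden = 0 AND id = ' . $msg;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a short string of digits, then bind it as an integer.
// Validation rejects malformed input early; the bound parameter keeps the value
// out of the SQL text even if the validation is later loosened.
function fetchPostSafe(PDO $db, string $msg): array
{
    if (!ctype_digit($msg) || strlen($msg) > 10) {
        return []; // caller should answer with HTTP 400 and log the request
    }
    $stmt = $db->prepare('SELECT id, body FROM posts WHERE hidden = 0 AND id = :id');
    $stmt->bindValue(':id', (int) $msg, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one well-formed id, one value that rewrites the WHERE clause.
foreach (['1', '1 OR 1=1'] as $msg) {
    printf(
        "msg=%-12s unsafe=%d row(s)  safe=%d row(s)\n",
        "'$msg'",
        count(fetchPostUnsafe($db, $msg)),
        count(fetchPostSafe($db, $msg))
    );
}
```

Rejected values are worth logging with the source address, since non-numeric "msg" requests against forum.php are a cheap detection signal for probing.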

1 Comments:

Anonymous GreyWyvern told...

Vendor patch 4.3c
http://www.greywyvern.com/orca#foru

11:25 PM

 


 
Copyright (c) 2006 Pridels Sec Crew