by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

VUBB Forum SQL and XSS vuln.

Vuln. discovered by: r0t
Date: 23 Nov. 2005
Vendor: http://www.vubb.com/
Affected version: alpha rc1


Product description:
Free PHP/MySQL forum/bulletin board system. The only interactive forum where not only administrators fix the bugs and add new features, but the users can too!

Features at a glance:
* Language System, easily change the forum's language with the use of language packs.
* Administration Control Panel, control every aspect of your forum.
* Moderation Options, assign moderators, edit, delete etc. options for posts.
* Link Forums, use a forum as a link to another site, useful for affiliate links.
* BBCode & Smilies Support, make text bold, italic, insert smilie faces etc.
* Template System, control the look of your forum with HTML templates and CSS files.
* Full Groups & Permissions System, assign users to whatever user group you want, create, edit and delete groups.
* Polls, include as many options as you want.


Vuln. description:

1. Multiple SQL Vuln.
Input passed to the "f" parameter in "viewforum.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "t" parameter in "viewtopic.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "view" parameter in "usercp.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:

http://host/forum/index.php?act=viewforum&f=[SQL]
http://host/forum/index.php?act=viewtopic&t=[SQL]
http://host/forum/index.php?act=usercp&view=[SQL]

2. XSS

Input passed to the user profile edit fields isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


Solution:
Edit the source code to ensure that input is properly sanitised.
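As an added illustration of that solution (example code written for this note, not code from VUBB or from the advisory's author), the two fixes in PHP: the integer ids of section 1 ("f", "t", "view") are validated and bound as prepared-statement parameters instead of being interpolated into the query, and the profile fields of section 2 are HTML-encoded at output. The table name vubb_forums, the column forum_id and the mysqli connection are assumptions, not names from the VUBB source; get_result() requires the mysqlnd driver.

```php
<?php
// Added example, not VUBB's own code. Table/column names and the mysqli
// connection are assumptions; only the two sanitisation patterns matter.
declare(strict_types=1);

/**
 * Read a GET parameter that must be a positive integer id (the "f", "t" and
 * "view" parameters of section 1). Anything that is not a plain decimal
 * integer is rejected instead of reaching the SQL layer.
 */
function int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only an optional sign and digits, so a value
    // carrying extra SQL after the number fails validation.
    $value = filter_var($query[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $value === false ? null : $value;
}

/**
 * VULNERABLE pattern (what the advisory describes): the raw parameter is
 * interpolated into the query string, so the requester controls the SQL.
 */
function viewforum_query_vulnerable(array $query): string
{
    $f = $query['f'] ?? '';
    return "SELECT * FROM vubb_forums WHERE forum_id = $f";
}

/**
 * HARDENED pattern: validate the id, then bind it as a typed parameter so
 * the value can never be parsed as SQL. Returns null when the id is invalid
 * or no such forum exists; the caller answers with "forum not found".
 */
function viewforum_query_hardened(mysqli $db, array $query): ?array
{
    $f = int_param($query, 'f');
    if ($f === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM vubb_forums WHERE forum_id = ?');
    $stmt->bind_param('i', $f);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

/**
 * Output encoding for the profile fields of section 2. Stored text is
 * encoded at the point it is echoed into HTML, so markup in a signature or
 * location field renders as literal text instead of being interpreted.
 */
function html_field(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs (not from the advisory) to exercise the helpers.
$suspicious = ['f' => '1 OR 1=1'];
$normal     = ['f' => '7'];

echo viewforum_query_vulnerable($suspicious), "\n"; // the extra SQL survives into the query
var_dump(int_param($suspicious, 'f'));               // rejected: not a plain integer
var_dump(int_param($normal, 'f'));                   // accepted as an int
echo html_field('<b>hi</b> "name"'), "\n";           // angle brackets and quotes are encoded
```

The same int_param() check applies unchanged to the "t" parameter of viewtopic.php and the "view" parameter of usercp.php; storing profile fields raw and encoding them on every output (rather than encoding once on input) keeps the data reusable in non-HTML contexts and avoids double encoding.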

Copyright (c) 2006 Pridels Sec Crew