WhiteBoard 0.1.30 – Multiple Blind SQL Injections

  • Author: Salvatore Fresta
    Date: 2010-07-25
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14472/
  • WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
    
     Name              WhiteBoard
     Vendor            http://sarosoftware.com
     Versions Affected 0.1.30

     Author            Salvatore Fresta aka Drosophila
     Website           http://www.salvatorefresta.net
     Contact           salvatorefresta [at] gmail [dot] com
     Date              2010-07-24
    
    X. INDEX
    
     I.   ABOUT THE APPLICATION
     II.  DESCRIPTION
     III. ANALYSIS
     IV.  SAMPLE CODE
     V.   FIX
     
    
    I. ABOUT THE APPLICATION
    ________________________
    
     WhiteBoard is a fast, powerful, and free open source
     discussion board solution. The project started in March
     of 2007, and its recent release is the culmination of
     three years of hard work. Developed by a Zend Certified
     PHP Engineer, this discussion board uses advanced
     algorithms and features which previously were only
     available in paid discussion board solutions.
    
    
    II. DESCRIPTION
    _______________
    
     Some parameters in controlpanel.php are not properly
     sanitised before being used in SQL queries.
    
    
    III. ANALYSIS
    _____________
    
    Summary:
    
     A) Multiple Blind SQL Injection
     
    
    A) Multiple Blind SQL Injection
    ______________________
    
     The parameters email and displayname sent via POST to
     controlpanel.php are not properly sanitised before being
     used in a SQL query. This can be exploited to manipulate
     SQL queries by injecting arbitrary SQL code. As the
     injection is blind, query results are never shown on the
     page; data has to be inferred one condition at a time,
     for example from the response time.

     Successful exploitation requires that "magic_quotes_gpc"
     is disabled: the payload needs a literal single quote to
     leave the string context, and with magic_quotes_gpc on,
     PHP backslash-escapes quotes in request data before the
     script sees them.
    
    
    IV. SAMPLE CODE
    _______________
    
    A) Multiple Blind SQL Injection
    
    1 - Login as a normal user.
    2 - Go to index.php?act=controlPanel
    
     Try the following code as "Display Name" or "E-mail":

     ' OR (SELECT(IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)))#

     The condition ASCII(0x41) = 65 is always true, so MySQL
     runs BENCHMARK() and the response stalls; the same payload
     with a false condition returns at once. That difference in
     response time is the side channel: replacing the condition
     with one that tests a character of a subquery result turns
     the proof of concept into data extraction.
    
    
    V. FIX
    ______
    
    No fix.
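
Since the advisory offers no fix, here is the vulnerable pattern it describes beside the corrected form, as an added example that is not WhiteBoard's code. The advisory does not show the application's query, so the UPDATE statement, the table layout and the column names are assumptions that follow its description (display name and e-mail from the control-panel form written to the user's row). SQLite stands in for MySQL, so the constructed breakout payload uses SQLite's `--` line comment where the advisory's payload uses MySQL's `#`; the breakout itself works the same way.

```python
"""Vulnerable string-built UPDATE beside its parameterised replacement.
Added example; the statement and table are assumptions, not WhiteBoard's
own code. SQLite stands in for MySQL."""
import sqlite3

# Constructed payload in the advisory's style: close the string literal,
# then rewrite the rest of the statement ('--' is SQLite's line comment).
BREAKOUT = "x' WHERE 1=1 --"


def fresh_db() -> sqlite3.Connection:
    """Three constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users "
                 "(id INTEGER PRIMARY KEY, displayname TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.org"),
        (2, "bob", "bob@example.org"),
        (3, "admin", "admin@example.org"),
    ])
    return conn


def update_email_vulnerable(conn, user_id: int, email: str) -> int:
    """The pattern the advisory describes: request data pasted into the SQL
    text. The attacker's quote ends the literal and the rest of the input
    becomes part of the statement. Returns the number of rows affected."""
    sql = f"UPDATE users SET email = '{email}' WHERE id = {int(user_id)}"
    return conn.execute(sql).rowcount


def update_email_safe(conn, user_id: int, email: str) -> int:
    """The fix: a parameterised statement. The value travels separately from
    the SQL text, so a quote in it is just a character of the stored e-mail.
    In PHP the equivalents are mysqli prepared statements or PDO::prepare()
    with bound parameters; the same applies to displayname."""
    return conn.execute("UPDATE users SET email = ? WHERE id = ?",
                        (email, int(user_id))).rowcount


def emails_after(update) -> list:
    """Run one of the update functions with the breakout payload as user 1
    and return every user's e-mail afterwards."""
    conn = fresh_db()
    update(conn, 1, BREAKOUT)
    return [row[0] for row in
            conn.execute("SELECT email FROM users ORDER BY id")]


if __name__ == "__main__":
    print("vulnerable:", emails_after(update_email_vulnerable))
    print("safe:      ", emails_after(update_email_safe))
```

With the string-built statement the payload rewrites the WHERE clause and every user's e-mail is overwritten; with the bound parameter only user 1 changes and the stored value is the payload text itself. Quote escaping (what magic_quotes_gpc did, or addslashes()) only blocks this particular string-context breakout; binding the values is the fix.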