Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] SQL injection in BroadBoard Instant ASP Message Board

from [pigrelax] Network Security [Permanent Link]
Subject: [Full-Disclosure] SQL injection in BroadBoard Instant ASP Message Board
Date: Mon, 27 Sep 2004 00:09:32 +0400 
BroadBoard Instant ASP Message Board

URL: http://www.broadboard.com/


1. software does not properly validate user-supplied input in the 'keywords'
parameter  in search.asp:
http://broadboard/forum/search.asp?archives=1&action=1&keywords=['SQL
code]&method=1&method=1&body=1&subject=1&board=1&results=1

2. software does not properly validate user-supplied input in the 'handle'
parameter  in profile.asp:
http://broadboard/forum/profile.asp?handle=['SQL code]

3. software does not properly validate user-supplied input in the
'txtUserHandle' parameter  in reg2.asp:

POST /forum/reg2.asp HTTP/1.1 
Host: broadboard 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 121 
txtNameFirst=1&txtNameLast=1&txtUserEmail=sales@maxpatrol.com&txtUserHandle=
['SQL code]&txtUserPwd=1&txtUserCPwd=1&cmdRegister=1

4. software does not properly validate user-supplied input in the
'txtUserEmail' parameter  in forgot.asp:

POST /forum/forgot.asp HTTP/1.1 
Host: broadboard 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 24 
txtUserEmail=['SQL code]&cmdSend=1

MaxPatrol is a professional network security scanner distinguished by its
uncompromisingly high quality of scanning, optimized for effective use by
companies of any size (serving from a few to tens of thousands of nodes).
MaxPatrol developers were able quite simply to "ignore" about 40% of the
newly published vulnerabilities because their product's intelligent
algorithms had already detected them.
http://www.Maxpatrol.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] SQL injection in BroadBoard Instant ASP Message Board, pigrelax <=
Previous by Date:  Re: Promiscuous email printing in Canon imageRunner, Chip Mefford
Next by Date:  [Full-Disclosure] Re: HTTP Response Splitting and SQL injection in megabbs forum, PD9 Software
Previous by Thread:  [Full-Disclosure] HTTP Response Splitting and SQL injection in megabbs forum, pigrelax
Next by Thread:  [Full-Disclosure] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm, Thierry Carrez
Indexes:  [Date] [Thread] [Top] [All Lists]