Bugtraq mailing list archives
[eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities
From: alex () evuln com
Date: 8 Mar 2006 13:14:23 -0000
New eVuln Advisory: EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities http://evuln.com/vulns/88/summary.html --------------------Summary---------------- eVuln ID: EV0088 Software: EKINboard Sowtware's Web Site: http://www.ekinboard.com/ Versions: 1.0.3 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Patched PoC/Exploit: Available Solution: Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- 1. 'img' BBCode Cross-Site Scripting Vulnerability Arbitrary JavaScript code insertion is possible in BBcode [img]. 2. Cookie 'username' SQL Injection Vulnerability Vulnerable Script: config.php Variables $_COOKIE['username'] $_COOKIE['password'] are not properly sanitized. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. --------------PoC/Exploit---------------------- Available at: http://evuln.com/vulns/88/exploit.html --------------Solution--------------------- Vendor-provided patch is available here: http://www.ekinboard.com/forums/v1/viewtopic.php?id=469 --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .
Current thread:
- [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities alex (Mar 08)