| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 8 Mar 2006 13:14:23 -0000 From: alex@...ln.com To: bugtraq@...urityfocus.com Subject: [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities New eVuln Advisory: EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities http://evuln.com/vulns/88/summary.html --------------------Summary---------------- eVuln ID: EV0088 Software: EKINboard Sowtware's Web Site: http://www.ekinboard.com/ Versions: 1.0.3 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Patched PoC/Exploit: Available Solution: Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- 1. 'img' BBCode Cross-Site Scripting Vulnerability Arbitrary JavaScript code insertion is possible in BBcode [img]. 2. Cookie 'username' SQL Injection Vulnerability Vulnerable Script: config.php Variables $_COOKIE['username'] $_COOKIE['password'] are not properly sanitized. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. --------------PoC/Exploit---------------------- Available at: http://evuln.com/vulns/88/exploit.html --------------Solution--------------------- Vendor-provided patch is available here: http://www.ekinboard.com/forums/v1/viewtopic.php?id=469 --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .
Powered by blists - more mailing lists