WhiteBoard 0.1.30 – Multiple Blind SQL Injections

• Exploit Database
• 115 阅读

• 作者： Salvatore Fresta
  日期： 2010-07-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14472/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

  WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities   NameWhiteBoard Vendorhttp://sarosoftware.com Versions Affected 0.1.30   AuthorSalvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date2010-07-24   X. INDEX   I.ABOUT THE APPLICATION II. DESCRIPTION III.ANALYSIS IV. SAMPLE CODE V.FIX   I. ABOUT THE APPLICATION ________________________   WhiteBoardisafast,powerful, and free open source discussion board solution.The project started in March of 2007,anditsrecent release is the culmination of threeyears of hard work. Developed by a Zend Certified PHPEngineer, thisdiscussionboardusesadvanced algorithmsandfeatureswhichpreviouslywereonly available in paid discussion board solutions.     II. DESCRIPTION _______________   Someparametersincontrolpanel.phpare not properly sanitised before being used in SQL queries.     III. ANALYSIS _____________   Summary:   A) Multiple Blind SQL Injection   A) Multiple Blind SQL Injection ______________________   Theparametersemail and displaynamesent via POST to controlpanel.php are not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.   Successful exploitationrequires that "magic_quotes_gpc" is disabled.     IV. SAMPLE CODE _______________   A) Multiple Blind SQL Injection   1 - Login as a normal user. 2 - Go to index.php?act=controlPanel   Try the following code as "Display Name" or "E-mail":   ' OR (SELECT(IF(ASCII(0x41) = 65,BENCHMARK(999999999,NULL),NULL)))#     V. FIX ______   No fix.