KhiZaRix Posted April 6, 2015

*6kbbs v8.0 SQL Injection Security Vulnerabilities*

Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference:

*Impact CVSS Severity (version 2.0):*
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0

Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

*Suggestion Details:*

*(1) Vendor & Product Description:*

*Vendor:* 6kbbs

*Product & Vulnerable Versions:* 6kbbs v7.1 v8.0

*Vendor URL & download:* 6kbbs can be obtained from here: 6KBBS; download 6kbbs PHP Forum V8.0 source code

*Product Introduction Overview:*

"6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small; Interface generous and good scalability; functional and practical pursuing superior performance, good interface, the user's preferred utility functions."

"Interface: Using XHTML + CSS architecture, so that the structure of the page, easy to modify the interface; save the transmission of static page code, greatly reducing the amount of data transmitted over the network; improve the interface scalability, more in line with WEB standards, support Internet Explorer, FireFox, Opera and other mainstream browsers. The program: using ASP + ACCESS mature technology, the installation process is extremely simple, the operating environment is also very common."

*(2) Vulnerability Details:*

6kbbs web application has a security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several 6kbbs products 0-day vulnerabilities have been found by some other bug hunter researchers before. 6kbbs has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to 6kbbs vulnerabilities.

*(2.1)* The first code programming flaw occurs at "/ajaxmember.php?" page with "&userid" parameter.

*(2.2)* The second code programming flaw occurs at "/admin.php?" page with "&inc" parameter.

*References:*

6kbbs v8.0 SQL Injection Security Vulnerabilities – Information Security - Tetraph
Information Security - IT & Computer & Web & Database & Application Related Posts: 6kbbs v8.0 SQL Injection Security Vulnerabilities
6kbbs v8.0 SQL Injection Security Vulnerabilities | Kaleidoscope - InZeed
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/6kbbs-v8-0-sql-injection-security-vulnerabilities/
https://hackertopic.wordpress.com/2015/04/02/6kbbs-v8-0-sql-injection-security-vulnerabilities/
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://packetstormsecurity.com/files/authors/11270
http://www.osvdb.org/show/osvdb/117505
http://milw00rm.net/exploits/6367

--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing

Source: http://packetstorm.wowhacker.com/1504-exploits/6kbbs-sql.txt
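
Added example, not part of the original post, the advisory, or 6kbbs itself: a Python triage script that scans web access logs for requests to the two endpoints named in (2.1) and (2.2) and reports parameter values outside an allow-list. The endpoint and parameter names come from the advisory; the allowed value shapes (numeric `userid`, identifier-like `inc`), the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint -> (parameter, allow-list pattern). Endpoints and parameter names
# are from the advisory; the allowed value shapes are assumptions.
WATCHED = {
    "/ajaxmember.php": ("userid", re.compile(r"[0-9]{1,10}")),
    "/admin.php": ("inc", re.compile(r"[A-Za-z0-9_]{1,32}")),
}

# Request portion of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (line_number, endpoint, parameter, decoded_value) for each request
    to a watched endpoint whose parameter value falls outside the allow-list."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        path = url.path.lower()
        for endpoint, (param, allowed) in WATCHED.items():
            if not path.endswith(endpoint):
                continue
            # parse_qs percent-decodes values; keep_blank_values keeps "inc=".
            values = parse_qs(url.query, keep_blank_values=True).get(param, [])
            for value in values:
                if not allowed.fullmatch(value):
                    findings.append((number, endpoint, param, value))
    return findings


# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Apr/2015:10:00:01 +0000] "GET /ajaxmember.php?userid=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Apr/2015:10:00:07 +0000] "GET /ajaxmember.php?userid=42%27 HTTP/1.1" 200 97',
    '203.0.113.9 - - [02/Apr/2015:10:00:09 +0000] "GET /bbs/admin.php?inc=users HTTP/1.1" 200 2048',
    '203.0.113.9 - - [02/Apr/2015:10:00:12 +0000] "GET /bbs/admin.php?inc=users%20-- HTTP/1.1" 500 0',
    '203.0.113.7 - - [02/Apr/2015:10:00:15 +0000] "GET /index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Access logs normally record only the query string, so values sent in POST bodies need application-level or WAF logging to be covered by the same check.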