QUOTE
Severity: High
Title: Multiple Sql injection vulnerabilities in BK Forum v.4
Date: 23/04/2005
Vendor: BKdev
Vendor Website: http://www.bkdev.net
Proof of Concept Exploits:
http://forum.bkdev.net/member.asp?id=10%20...%20'dc'
CODE
id = request.querystring("id")
sql = "select * from Member where memID = " & id
set rs = conn.execute(sql)
http://forum.bkdev.net/forum.asp?forum='SQL INJECTION
CODE
id = request.querystring("id")
sql = "select * from Member where memID = " & id
set rs = conn.execute(sql)
http://forum.bkdev.net/register.asp
All the form values are vulnerable to sql injection
CODE
sql = "insert into Member (memName, memPassword, memFirstName, memLastName, memEmail, memHomepage, " & _
"memDate, memLevel, memSignature, memPic, memAbout, memAcceptNotification, memShowAvatar, memLoggedOn, " & _
"memLastActive) values ('" & memname & "', '" & mempw & "', '" & firstname & "', '" & lastname & "', " & _
"'" & email & "', '" & homepage & "', #" & now & "#, " & LEVEL_MEMBER & ", '" & signature & "', " & _
"'" & picture & "', '" & about & "', " & notify & ", " & avatar & ", " & false & ", #" & now & "#)"
Author:
These vulnerabilties have been found and released by Diabolic Crab
Source: http://seclists.org/lists/bugtraq/2005/Apr/0380.html
