[Powie's PSCRIPT Forum] Multiple SQL-Injection Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Multiple SQL-Injection Vulnerabilities
in
Powie's PSCRIPT Forum
Summary
Product Powie's PSCRIPT Forum
Version <= 1.26
OS affected All with PHP and mySQL
Remote Exploit Yes
Risk Lvl Medium High
Vendor Thomas 'Powie' Erhardt
http://www.pscript.de/
Informed since 2002-02, workaround still available
See also Jens Liebchen
Sat Feb 16 2002 - 14:22:59 CST
<http://www.ppp-design.de/advisories_show.php?adv=pforum__mysql-injection_bug.txt>
Jens Liebchen discovered in February 2002 multiple SQL Injection
Vulnerabilities in the Pscript Forum. After more then 2.5 Years, the
Vulnerabilities are still existing. The Vendor didn't fix the
Vulnerabilities in a proper manner and ignored the Advisory completely.
I discovered SQL Injection Vulnerabilities with medium high security risks
in the following files:
* logincheck.php
* changepass.php
* edituser.php
Workaround
The Vulnerabilites are rated medium high, because most hoster activate
magic_quotes_gpc in the php.ini, so that g(et), p(ost) and c(ookie) data
are filtered. If magic_quotes_gpc is deactived, it is very easy to become
administrator or any other user. But many user are not allowed to change
php.ini, especially in mass hosting environments (where the Pscript Forum
is mostly used).
Kudos to Jens Liebchen,
Christoph Jeschke
- --
The sky about the port was the color of television,
tuned to a death channel. .o.
-- William Gibson, Neuromancer, ..o
Chiba City Blues ooo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iQIVAwUBQXAqnhTgMjDbDRRWAQJPHBAAtAzSs9JjbqaeI91EwDIMBxeIwf4/hNCd
GlRRdEcGciF3uCDfhFG7BwC5L9Y+ZfdlLfbqgd79ZokBUUrZhJYNEIbmFn0v5qs9
Ap5lIx0DyR+6BHYq94sV2jG9cEh2N3dOMMlQx7ozE0V7NZs/usRkjZRGeFMLNE6A
wdLoQK5+uNTFMWacV2IeoMojJahwvZh7mokrQbs92lguj+7n7luSWov/QsSJx0tD
//VTfKvW3ENSD2OrBsDj6ERiGSLyZaLsBMJNp+R6GJhqRfcy1zjyNC9slPfZH33A
0A/GCNOmNGwAWKEaQhzfpSGm78gPP/6tHvy0OxaVfSZah6pzMeUUh+IO/VHdGUW8
9JxYG1p1mxO2yfOVSI8ZQgI53pX1nzio3Tzw97RzE8DbKHiYxZTbZKo4fWNfI+iQ
touZclUdeeLqTo85PTHU4CBCJcttR8aNeckhQYtxrLzcjdr5ekePPof7MLCZi8xC
mzXgiPE0Y8p+hEvTdWYQJ0dfHkPqiO8s8y+13d4RtLFcE3ElnsLPnVhNZgeZZxzs
+91hcLv/Zty8J+Y51qUy0Am84Ca4hKk6fxFnRnrHPxxtIRO5lMeNS7NsDVvY/SXB
kkL9AHuFOYN2wQWMfgKCh1NBBfDmekH+CYaI9FsbJY4iTrG9EPZ9H/4zcNRcqpuG
/7buug6lImY=
=sgP1
-----END PGP SIGNATURE-----