[Powie's PSCRIPT Forum] Multiple SQL-Injection Vulnerabilities

Started by , 15 October 2004, 22:10:30




Multiple SQL-Injection Vulnerabilities in Powie's PSCRIPT Forum
Summary
Product             Powie's PSCRIPT Forum
Version            
Jens Liebchen discovered in February 2002 multiple SQL Injection
Vulnerabilities in the Pscript Forum. After more than 2.5 Years, the
Vulnerabilities still exist. The Vendor didn't fix the
Vulnerabilities in a proper manner and ignored the Advisory completely.
I discovered SQL Injection Vulnerabilities with medium high security risks
in the following files:
   * logincheck.php
   * changepass.php
   * edituser.php
Workaround
The Vulnerabilities are rated medium high, because most hosters activate
magic_quotes_gpc in the php.ini, so that g(et), p(ost) and c(ookie) data
are filtered. If magic_quotes_gpc is deactivated, it is very easy to become
administrator or any other user. But many users are not allowed to change
php.ini, especially in mass hosting environments (where the Pscript Forum
is mostly used).
Kudos to Jens Liebchen,
Christoph Jeschke




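The workaround in the advisory depends on a php.ini setting that the forum operator often cannot control. As an added example (not code from the PSCRIPT Forum or from the advisory), the login check below binds the user name as a query parameter, so it behaves the same whether or not magic_quotes_gpc is active. The `users` table, its columns and `check_login()` are hypothetical, and the PDO SQLite driver is assumed to be installed.

```php
<?php
// Added example. Table, column and function names are hypothetical and
// are not taken from the PSCRIPT Forum source.

// Constructed sample data in an in-memory SQLite database, so the
// script runs offline without a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
$insert->execute(['admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT)]);
$insert->execute(["o'brien", password_hash('constructed-user-pw', PASSWORD_DEFAULT)]);

/**
 * Returns true only if the user exists and the password matches.
 *
 * The user name travels to the database as a bound parameter, never as
 * part of the SQL text, so quote characters in it cannot change the
 * query. No input escaping (and no magic_quotes_gpc) is involved.
 */
function check_login(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    return $hash !== false && password_verify($password, $hash);
}

// Constructed inputs: a stored name containing a quote, a wrong password,
// and an unknown name containing a quote.
$cases = [
    ["o'brien", 'constructed-user-pw'],
    ['admin',   'not-the-password'],
    ["o'neil",  'anything'],
];

foreach ($cases as [$name, $password]) {
    printf("%-10s => %s\n", $name, check_login($pdo, $name, $password) ? 'accepted' : 'rejected');
}
```

PHP removed magic_quotes_gpc in version 5.4, so code that relied on it for filtering has no such protection on any later release.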