Multiple Vulnerabilities in ADNForum

Summary

Vulnerability
Multiple Vulnerabilities in ADNForum
Discovered
2006.01.05
Last Update
0 n/a
ID
EV0015
CVE
CVE-2006-0123 CVE-2006-0124
Risk Level
medium
Type
Multiple Vulnerabilities
Status
Unpatched
Vendor
Agustin Dondo (http://www.agustin.co.nr/)
Vulnerable Software
ADNForum (http://adnforum.sourceforge.net/)
Version
1.0b
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple Vulnerabilities found in ADNForum (http://adnforum.sourceforge.net/) script.

1. ADNForum has multiple SQL injection vulnerabilities.

All user-defined data isn't properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc: off

2. Multiple XSS Vulnerabilities.

All user-defined data isn't properly sanitized before being posted. This can be used to post any html or script code.

PoC/Exploit

Example of SQL Injections:
http://host/adnforum/index.php? fid=3333'%20union%20select%201111/*
http://host/adnforum/verpag.php?pagid=999'%20union%20select%201,2,3/*

Example of XSS:

URL: http://host/adnforum/crear.php?que=topico&fid=6

Topic name: <XSS>

Solution.

Solution for "Multiple Vulnerabilities in ADNForum" is not available. Check Agustin Dondo website for updates.