Description - Multiple Vulnerabilities in Skate Board
Multiple vulnerabilities were found in the Skate Board script.
- Exploit: Available
- Solution: Not available - check vendor's website
1. SQL Injection.
Vulnerable script: includes/root/sendpass.php
The variable $_POST[usern] isn't properly sanitized before being used in a SQL query. Arbitrary SQL code can be injected through it, allowing any SQL query to be made.
Condition: magic_quotes_gpc - off
2. Authentication Bypass.
Vulnerable scripts: includes/root/login.php, includes/root/logged.php
The variables $_POST[usern], $_POST[passwd] and $_COOKIE[sf_cookie] are not properly sanitized before being used in a SQL query. Arbitrary SQL code can be injected through them, allowing any SQL query to be made and authorization to be bypassed.
Condition: magic_quotes_gpc - off
3. PHP Code Injection.
The administrator is able to edit the values of variables in config.php. This can be used to inject arbitrary PHP code.
System access is possible.
4. Multiple Cross-Site Scripting.
Vulnerable script: includes/root/reguser.php
None of the user-defined data from the registration form is properly sanitized. This can be used to inject arbitrary HTML or script code.
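For items 1 and 2, the usual fix is to bind the request values as query parameters instead of relying on magic_quotes_gpc. The following is an added example, not Skate Board's own code; the table layout, the 32-hex-digit cookie format and the helper names are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);
// Added example. Assumed schema: users(id, usern, passwd_hash, session_token).

$pdo = new PDO('sqlite::memory:');   // in-memory DB so the example runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, usern TEXT UNIQUE,
            passwd_hash TEXT, session_token TEXT)');

// Constructed sample account.
$token = bin2hex(random_bytes(16));
$pdo->prepare('INSERT INTO users (usern, passwd_hash, session_token) VALUES (?, ?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), $token]);

// Pattern the advisory describes (for contrast only, not executed):
//   "SELECT ... WHERE usern = '" . $_POST['usern'] . "'"
// Its safety depended on magic_quotes_gpc, which PHP 5.4 removed.

/** Request values can be arrays (usern[]=...); accept strings only. */
function str_param(array $src, string $key): ?string
{
    return isset($src[$key]) && is_string($src[$key]) ? $src[$key] : null;
}

function check_login(PDO $pdo, ?string $usern, ?string $passwd): ?int
{
    if ($usern === null || $passwd === null) return null;
    $st = $pdo->prepare('SELECT id, passwd_hash FROM users WHERE usern = :u');
    $st->execute([':u' => $usern]);          // value is bound, never concatenated
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($passwd, $row['passwd_hash'])) ? (int)$row['id'] : null;
}

function check_cookie(PDO $pdo, ?string $cookie): ?int
{
    // Reject anything that is not a 32-hex-digit token before touching the DB.
    if ($cookie === null || !preg_match('/\A[0-9a-f]{32}\z/', $cookie)) return null;
    $st = $pdo->prepare('SELECT id FROM users WHERE session_token = :t');
    $st->execute([':t' => $cookie]);
    $id = $st->fetchColumn();
    return $id === false ? null : (int)$id;
}

// Constructed requests: one legitimate, one with SQL metacharacters in each field.
$good = ['usern' => 'alice', 'passwd' => 'correct horse'];
$bad  = ['usern' => "alice' -- ", 'passwd' => "' OR ''='"];
var_dump(check_login($pdo, str_param($good, 'usern'), str_param($good, 'passwd')));
var_dump(check_login($pdo, str_param($bad, 'usern'), str_param($bad, 'passwd')));
var_dump(check_cookie($pdo, $token), check_cookie($pdo, "x' OR '1'='1"));
```

The legitimate login and cookie resolve to the sample account's id; the inputs containing quotes are treated as literal data and return NULL.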


