img BBCode XSS and Cookie SQL Injection in EKINboard
Summary
- Vulnerability: img BBCode XSS and Cookie SQL Injection in EKINboard
- Discovered: 2006.02.27
- Last Update: 2006.03.14 CVE entries added
- ID: EV0088
- CVE: CVE-2006-1129, CVE-2006-1130
- Risk Level: medium
- Type: Multiple Vulnerabilities
- Status: Patched
- Vendor: n/a
- Vulnerable Software: EKINboard (http://www.ekinboard.com/)
- Version: 1.0.3
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the EKINboard (http://www.ekinboard.com/) script.
1. 'img' BBCode Cross-Site Scripting Vulnerability.
Arbitrary JavaScript code can be inserted through the [img] BBCode tag.
2. Cookie 'username' SQL Injection Vulnerability
Vulnerable Script: config.php
The variables $_COOKIE['username'] and $_COOKIE['password'] are not properly sanitized. An attacker can inject arbitrary SQL code through them to bypass authentication or run any SQL query.
PoC/Exploit
1. BBCode Cross-Site Scripting Example
[img=javascript:alert(123)]
2. Cookie 'username' SQL Injection Example
Cookie: username=' or 1/*
Cookie: password=[any]
Solution
A vendor-provided patch is available here:
http://www.ekinboard.com/forums/v1/viewtopic.php?id=469
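
How both input paths described above can be handled safely, as an added example that is not EKINboard code and not the vendor patch. The function names, the users table and its columns, and the in-memory SQLite demo data are assumptions made for illustration.

```php
<?php
// Added example, not EKINboard code or the vendor patch. The users table,
// its columns and both function names are assumptions.

// [img] BBCode: escape all input, then emit <img> only for http(s) URLs.
function render_img_bbcode(string $text): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback('/\[img=([^\]\s]+)\]/i', function (array $m): string {
        $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            return $m[0]; // javascript:, data: etc. stay as inert escaped text
        }
        return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
    }, $safe) ?? $safe;
}

// Cookie login: values are bound as parameters, never concatenated into SQL.
function user_from_cookies(PDO $db, array $cookies): ?array
{
    $username = $cookies['username'] ?? '';
    $password = $cookies['password'] ?? '';
    if (!is_string($username) || !is_string($password) || $username === '') {
        return null; // rejects missing values and array-valued cookies
    }
    $stmt = $db->prepare('SELECT id, username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Constant-time comparison against the stored credential value.
    if ($row === false || !hash_equals((string) $row['password'], $password)) {
        return null;
    }
    return $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES ('admin', 'stored-value-placeholder')");

// The two inputs from the PoC section, plus one legitimate image URL.
var_dump(render_img_bbcode('[img=javascript:alert(123)]'));
var_dump(render_img_bbcode('[img=http://example.com/a.png]'));
var_dump(user_from_cookies($db, ['username' => "' or 1/*", 'password' => 'x']));
```

The scheme allow-list leaves any non-http(s) [img] tag on the page as plain text, and the bound parameter makes the cookie value a literal username that matches no row.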