New eVuln Advisory:
Skate Board Multimple Vulnerabilities
http://evuln.com/vulns/84/summary.html
--------------------Summary----------------
eVuln ID: EV0084
CVE: CVE-2006-0809 CVE-2006-0810 CVE-2006-0811
Software: Skate Board
Sowtware's Web Site: http://bb.jiraiya.se/main.php?content=start
Versions: 0.9
Critical Level: Dangerous
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
-----------------Description---------------
Vulnerable script: includes/root/sendpass.php
Variable $_POST[usern] isn't properly sanitized before being used in a SQL query. This can be used to make
any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
Vulnerable scripts:
includes/root/login.php
includes/root/logged.php
Variables $_POST[usern] $_POST[passwd] $_COOKIE[sf_cookie] are not properly sanitized before being used in a
SQL query. This can be used to make any SQL query by injecting arbitrary SQL code and make authorization
bypass.
Condition: magic_quotes_gpc - off
Administrator has an ability to edit values of variables in config.php This can be used to inject arbitrary
PHP code.
System access is possible.
Vulnerable script: includes/root/reguser.php
All user-defined data from registration form isn't properly sanitized. This can be used to inject arbitrary
html or script code.
--------------Exploit----------------------
Available at: http://evuln.com/vulns/84/exploit.html
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.