- Oct 15, 2003
I'm new to this forum, so far have been more than happy with speedy responses to questions I have had.
Now I have another one...
I have been looking into forums for some time now, because I've been looking for one to use for my next site. I looked into this one that Anandtech is using called FuseTalk and am surprised as to why the company would have released its forum software with a vulnerability like the one I've found.
--- > E-Zonemedia's Fuse Talk is vulnerable to malicious SQL injection. Improper form sanitization makes it possible for any user to manipulate data as they see fit. The vulnerability is present in the sign up form (join.cfm); a well-crafted form variable will execute malicious SQL. This is caused because the form does not filter out the semi-colon (
Example:
Examine the following code:
1;delete from users
or
1;exec sp_addlogin "whatever"
If they are passed to the time zones parameter, the following SQL will be executed:
select chdifference from timezones where itimezoneid = 1;exec sp_addlogin "whatever"
This will have the effect of adding a new user to the SQL's user database, allowing the user to logon without requiring a password.
Vulnerable code:
<cfquery name="qgetdiff" datasource="#ds#">
select chdifference from timezones where itimezoneid = #timezone#
</cfquery>
Is this for some previous version? Have they fixed this flaw? Not about to try it out because I'd like to remain a member, but if this at all helps the moderators fix any issues they have been having with some people and want to know why, then here it is.... If they've fixed this problem, I'd be interested in knowing.
LaterZzz M8'zz
WhiteAngel ô¿ô
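The quoted advisory boils down to one defect: the form value is pasted into the SQL text (`#timezone#`) and the driver accepts a second, stacked statement after the semi-colon. The following Python script is an added example, not part of the post or of FuseTalk, that models that defect against an in-memory SQLite database and sets the fix beside it. The table names and rows are constructed; `run_stacked` is a hypothetical helper that mimics a driver executing every `;`-separated statement, which is what the advisory's `1;delete from users` relies on. The hardened lookup does what `<cfqueryparam cfsqltype="cf_sql_integer">` would do in the ColdFusion original: it requires an integer and passes it as a bound parameter, so the value can never become SQL.

```python
import sqlite3


def make_db():
    """Constructed schema mirroring the timezones/users tables named in the post."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        create table timezones(itimezoneid integer primary key, chdifference text);
        create table users(id integer primary key, name text);
        insert into timezones values (1, '-5'), (2, '+0');
        insert into users values (1, 'alice'), (2, 'bob');
        """
    )
    return conn


def run_stacked(conn, sql):
    """Hypothetical driver behaviour: execute every ';'-separated statement in turn.

    sqlite3.execute() refuses stacked statements, so the split is done here to
    reproduce what the advisory describes for the real database driver.
    """
    rows = []
    for stmt in sql.split(";"):
        stmt = stmt.strip()
        if stmt:
            rows.extend(conn.execute(stmt).fetchall())
    conn.commit()
    return rows


def lookup_vulnerable(conn, timezone):
    """The cfquery from the post, transcribed: the form value is interpolated as text."""
    sql = f"select chdifference from timezones where itimezoneid = {timezone}"
    return run_stacked(conn, sql)


def lookup_hardened(conn, timezone):
    """Integer-typed, parameterised lookup (the cfqueryparam cf_sql_integer equivalent)."""
    try:
        tz_id = int(str(timezone).strip())
    except ValueError:
        # Reject anything that is not an integer id before it reaches the database.
        raise ValueError(f"timezone must be an integer id, got {timezone!r}")
    cur = conn.execute(
        "select chdifference from timezones where itimezoneid = ?", (tz_id,)
    )
    return cur.fetchall()


def user_count(conn):
    """Number of rows left in users; lets the reader see whether the delete ran."""
    return conn.execute("select count(*) from users").fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    print(lookup_vulnerable(conn, "1"))                    # [('-5',)]
    print(lookup_vulnerable(conn, "1;delete from users"))  # [('-5',)] and users emptied
    print(user_count(conn))                                # 0

    conn = make_db()
    try:
        lookup_hardened(conn, "1;delete from users")
    except ValueError as err:
        print(err)                                         # rejected before any SQL runs
    print(user_count(conn))                                # 2
```

The integer coercion is the part worth copying: a time-zone id has no legitimate reason to contain anything but digits, so typing the parameter removes the whole class of input the advisory describes, and the bound `?` placeholder covers the string-valued columns where a type check alone would not be enough.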
