- 28 May 2008Advisories » how2ASP Webboard "qNo" Parameter Handling Remote SQL Injection Vulnerability
| Release Date: | 20/05/2008 | Severity: | Moderately Critical  |
| SecWatch Advisory: | SWID1021236 | Cause: | Input validation error |
| Solution Status: | Unpatched | Impact: | SQL Injection |
| Exploit Status: | PoC Available | Access Vector: | From remote |
| Affected Software: | how2ASP Webboard 4.x | ||
| References: | http://milw0rm.com/exploits/5638 FrSIRT/ADV-2008-1565 |
||
| Secunia: | SA30295 | ||
| Bugtraq ID: | BID#29263 | ||
Description:
An input validation vulnerability in how2ASP Webboard has been reported, which can be exploited by remote users to conduct SQL injection attacks.
User-supplied input passed to the "qNo" parameter in showQAnswer.asp and potentially other pages is not properly sanitised before being used in SQL queries. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.
Affected:
how2ASP Webboard version 4.1. Other versions may also be affected.
Proof of Concept:
SQL Injection:
http://[target]/showQAnswer.asp?qNo=[SQL]
Solution:
There was no vendor-supplied solution at the time of entry.
Edit source code manually to ensure user-supplied input is correctly sanitised.
Filter malicious characters and character sequences via a HTTP proxy or firewall with URL filtering capabilities.
Credits:
CWH Underground
Free Vulnerability Notification Service
Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.