Date: Tue, 25 Oct 2005 14:28:40 +0400 (MSD)
Subject: DboardGear - incorrect import themes (SQL-inject)
From: [email protected]
To: [email protected]

Hello all.
I checked this:
>>>>>>>>>>>>>>>>>>>
DboardGear ..
Search By Google :-
by DboardGear
Gr33tz :-
aLMaSTeR HaCKeR .. SQL Injection's FOunder - | almaster <at> hotmail.com|-
Security4Arab .. A'Where Home ..
1- SQL Injection in buddy.php
http://www.site.com/dboard/buddy.php?action=add&buddy=|aLMaSTeR
2-SQL Injection in u2a.php
http://www.site.com/dboard/u2u.php?action=view&u2uid=|aLMaSTeR
Error:
You have an error in your SQL syntax near '' at line 1
>>>>>>>>>>>>>>>
and found a new bug in this board.
SQL injection is available in /dboard/ctrtools.php?action=themes when you try
to import an incorrect (not valid) theme file. I just tried to import a text file
with a listing of my home catalog, and I got this error:
You have an error in your SQL syntax near ') VALUES)' at line 1
I'm not authorized on the board.
-------------------------------------------------------
Sorry for my English, it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru
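
Added example, not part of the original message and not DboardGear's code: a Python model of a theme importer that assembles its INSERT statement from the uploaded file, beside a hardened version that requires a logged-in caller, validates the file, and binds values as parameters. The `themes` schema, the `key=value` file format, every function name, and the use of SQLite in place of the board's database are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema: the post does not show DboardGear's real theme table.
THEME_COLUMNS = ("name", "bgcolor", "textcolor")

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE themes (name TEXT, bgcolor TEXT, textcolor TEXT)")
    return db

def parse_theme(text):
    """Collect 'key=value' lines (assumed format); other lines are ignored."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            pairs[key.strip()] = value.strip()
    return pairs

def import_theme_unsafe(db, text):
    """Before: the statement text itself is built from the uploaded file."""
    pairs = parse_theme(text)
    cols = ", ".join(pairs)
    vals = ", ".join("'%s'" % v for v in pairs.values())
    db.execute("INSERT INTO themes (%s) VALUES (%s)" % (cols, vals))

def import_theme_safe(db, text, authenticated):
    """After: logged-in caller, fixed column list, bound parameters."""
    if not authenticated:
        raise PermissionError("theme import requires a logged-in administrator")
    pairs = parse_theme(text)
    if set(pairs) != set(THEME_COLUMNS):
        raise ValueError("not a valid theme file")
    db.execute("INSERT INTO themes (name, bgcolor, textcolor) VALUES (?, ?, ?)",
               [pairs[c] for c in THEME_COLUMNS])

def outcome(fn, *args):
    """Return 'ok' or the name of the exception the importer raised."""
    try:
        fn(new_db(), *args)
        return "ok"
    except (sqlite3.Error, ValueError, PermissionError) as exc:
        return type(exc).__name__

# Constructed sample uploads.
NOT_A_THEME = "total 12\ndrwxr-xr-x 2 user user 4096 notes\n"
QUOTED_THEME = "name=o'reilly\nbgcolor=#000000\ntextcolor=#ffffff\n"

if __name__ == "__main__":
    print(outcome(import_theme_unsafe, NOT_A_THEME))        # database syntax error
    print(outcome(import_theme_safe, NOT_A_THEME, True))    # rejected before any SQL
    print(outcome(import_theme_safe, QUOTED_THEME, True))   # stored as data
```

In the unsafe version a file with no theme fields yields an empty column and value list, so the database reports a syntax error instead of the application rejecting the upload.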