Related information

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)

File Including In PBLang

[SA17333] phpESP Unspecified Cross-Site Scripting and SQL Injection

[SA17353] gCards "limit" SQL Injection Vulnerability

[Full-disclosure] Multiple vulnerabilities within RockLiffe MailSite Express WebMail

From:	poizon_(at)_securityinfo.ru <poizon_(at)_securityinfo.ru>
Date:	26.10.2005
Subject:	DboardGear - uncorrect import themes (SQL-inject)

Hello all.
I m check it:
>>>>>>>>>>>>>>>>>>>
DboardGear ..
Search By Google :-
by DboardGear
Gr33tz :-
        aLMaSTeR HaCKeR .. SQL Injection's FOunder   - | almaster <at>
hotmail.com|-
        Security4Arab .. A'Where Home ..
1- SQL Injection in buddy.php
http://www.site.com/dboard/buddy.php?action=add&buddy=|aLMaSTeR
2-SQL Injection in u2a.php
http://www.site.com/dboard/u2u.php?action=view&u2uid=|aLMaSTeR
Error:
You have an error in your SQL syntax near '' at line 1
>>>>>>>>>>>>>>>
and find new bug in this board.
SQL-inject available in /dboard/ctrtools.php?action=themes, when you try
import incorrect (not valid) Theme File. I'm just try import text file
with listing my home catalog, and i got it error:
You have an error in your SQL syntax near ') VALUES)' at line 1

I'm not authorizated on board.
-------------------------------------------------------
Sory for my english, it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru