Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

[tech] DUforum SQL Vulnerabilities

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU
 
nickdw Donating Member (62 posts) Send PM | Profile | Ignore Thu Jun-23-05 12:23 PM
Original message
[tech] DUforum SQL Vulnerabilities
TITLE:
DUware DUforum SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA15802

VERIFY ADVISORY:
http://secunia.com/advisories/15802/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
DUware DUforum 3.x
http://secunia.com/product/2855/

DESCRIPTION:
Dedi Dwianto has reported some vulnerabilities in DUforum, which can
be exploited by malicious people to conduct SQL injection attacks.

Certain input in some scripts isn't properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

The vulnerabilities have been reported in version 3.1. Other versions
may also be affected.

SOLUTION:
Filter malicious characters and character sequences in a proxy or
firewall with URL filtering capabilities.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Dedi Dwianto

ORIGINAL ADVISORY:
http://echo.or.id/adv/adv19-theday-2005.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Printer Friendly | Permalink |  | Top
ET Awful Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Jun-23-05 12:27 PM
Response to Original message
1. Well, DU is powered by DCForum+ Version 1.1
I'm not sure what DUForum is.
Printer Friendly | Permalink |  | Top
 
Elad ADMIN Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Jun-23-05 12:27 PM
Response to Original message
2. I'm locking this
You do realize that "DUware" is a company that makes software for websites, but is completely independent from Democratic Underground? We do not use their software.
http://www.duware.com/home/

Do to the potential for confusion, I'm locking this thread.
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Fri Dec 27th 2024, 03:56 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC