Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title SkyPortal contains multiple SQL injection vulnerabilities
Informations
Name VU#315107 First vendor Publication 2008-06-11
Vendor VU-CERT Last vendor Modification 2008-06-11
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#315107

SkyPortal contains multiple SQL injection vulnerabilities

Overview

SkyPortal RC6 contains multiple SQL injection vulnerabilities which could allow a remote, unauthenticated attacker to gain access to the back-end database and to add, modify or remove data.

I. Description

SkyPortal is a modular web portal and online community system that includes web-based administration, user selectable skins, user control panel and additional modules such as Public Events Calendar, Classifieds Manager, WebLinks Manager, Download Manager, Article Manager, and Picture Manager.

There are multiple vulnerabilities in a number of pages and functions. These include nc_top.asp, inc_bookmarks.asp, inc_profile_functions.asp, inc_SUBSCRIPTIONS.asp, Avatar_URL, LINK1, and LINK2. Processing of maliciously crafted SQL commands to any of these functions could trigger the vulnerabilities.

Any web site developed with vulnerable versions of SkyPortal will (or is likely to) contain SQL injection vulnerabilities.

II. Impact

By sending specially crafted SQL statements to any of the stated functions, a remote, unauthenticated attacker could gain access to the system to add, modify or remove data. Attackers are using automated tools to inject malicious content into vulnerable sites.

III. Solution

This vulnerability was addressed in SkyPortal 1.0 and later.

Systems Affected

VendorStatusDate Updated
SkyPortalVulnerable10-Jun-2008

References


http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6078
http://www.security-database.com/detail.php?cve=CVE-2007-6078
http://xforce.iss.net/xforce/xfdb/38595
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=207402562
http://blog.wired.com/monkeybites/2008/04/microsoft-datab.html
http://www.owasp.org/index.php/SQL_Injection

Credit

The BugReport Security Research & Penetration Testing Group is credited with the discovery of these vulnerabilities.

This document was written by Joseph Pruszynski.

Other Information

Date Public11/21/2007
Date First Published06/11/2008 02:21:16 PM
Date Last Updated06/11/2008
CERT Advisory 
CVE NameCVE-2007-6078
US-CERT Technical Alerts 
Metric26.21
Document Revision17

Original Source

Url : http://www.kb.cert.org/vuls/id/315107

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
41046 SkyPortal cp_main.asp Multiple Parameter SQL Injection
41045 SkyPortal inc_SUBSCRIPTIONS.asp Unspecified Parameter SQL Injection
41044 SkyPortal inc_profile_functions.asp Unspecified Parameter SQL Injection
41043 SkyPortal inc_bookmarks.asp Unspecified Parameter SQL Injection
41042 SkyPortal nc_top.asp Unspecified Parameter SQL Injection