Vulnerabilities > CVE-2005-2048 - SQL-Injection vulnerability in Duware Duforum 3.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

duware

nessus

exploit available

NVD

Published: 2005-06-22

Updated: 2018-10-19

Summary

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

Vulnerable Configurations

Part	Description	Count
Application	Duware Duware Duforum 3.1	1

Exploit-Db

description	DUware DUforum 3.0/3.1 forums.asp iFor Parameter SQL Injection. CVE-2005-2048. Webapps exploit for asp platform
id	EDB-ID:25870
last seen	2016-02-03
modified	2005-06-22
published	2005-06-22
reporter	Dedi Dwianto
source	https://www.exploit-db.com/download/25870/
title	DUware DUforum 3.0/3.1 forums.asp iFor Parameter SQL Injection

description	DUware DUforum 3.0/3.1 messages.asp iMsg Parameter SQL Injection. CVE-2005-2048 . Webapps exploit for asp platform
id	EDB-ID:25868
last seen	2016-02-03
modified	2005-06-22
published	2005-06-22
reporter	Dedi Dwianto
source	https://www.exploit-db.com/download/25868/
title	DUware DUforum 3.0/3.1 messages.asp iMsg Parameter SQL Injection

description	DUware DUforum 3.0/3.1 post.asp iFor Parameter SQL Injection. CVE-2005-2048. Webapps exploit for asp platform
id	EDB-ID:25869
last seen	2016-02-03
modified	2005-06-22
published	2005-06-22
reporter	Dedi Dwianto
source	https://www.exploit-db.com/download/25869/
title	DUware DUforum 3.0/3.1 post.asp iFor Parameter SQL Injection

Nessus

NASL family	CGI abuses
NASL id	DUFORUM_SQL_INJECTIONS.NASL
description	The remote host is running DUforum, a web-based message board written in ASP from DUware. The installed version of DUforum fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database.
last seen	2020-06-01
modified	2020-06-02
plugin id	18567
published	2005-06-28
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18567
title	DUforum Multiple Scripts SQL Injection
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18567); script_version("1.15"); script_cve_id("CVE-2005-2048"); script_bugtraq_id(14035); script_name(english:"DUforum Multiple Scripts SQL Injection"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains an ASP application that is vulnerable to multiple SQL injection attacks." ); script_set_attribute(attribute:"description", value: "The remote host is running DUforum, a web-based message board written in ASP from DUware. The installed version of DUforum fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database." ); script_set_attribute(attribute:"see_also", value:"http://echo.or.id/adv/adv19-theday-2005.txt" ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Jun/175" ); script_set_attribute(attribute:"solution", value: "Unknown at this time." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/28"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/22"); script_cvs_date("Date: 2018/11/15 20:50:16"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); summary["english"] = "Checks for multiple SQL injection vulnerabilities in DUforum"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("http_version.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/ASP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if (!can_host_asp(port:port)) exit(0); # Loop through CGI directories. foreach dir (cgi_dirs()) { # Try to exploit one of the flaws. u = string( dir, "/forums.asp?", "iFor=", SCRIPT_NAME, "'" ); r = http_send_recv3(port:port, method: "GET", item: u); if (isnull(r)) exit(0); # There's a problem if... if ( # it looks like DUforum and... 'href="assets/DUforum.css" rel="stylesheet"' >< r[2] && # there's a syntax error. string("Syntax error in string in query expression 'FOR_ID = ", SCRIPT_NAME, "'") >< r[2] ) { security_hole(port); set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE); exit(0); } }

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References