6kbbs v8.0 SQL Injection Security Vulnerabilities
Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]
(1) Vendor & Product Description:
Product & Vulnerable Versions:
Vendor URL & download:
6kbbs can be obtained from here,
Product Introduction Overview:
“6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small; Interface generous and good scalability; functional and practical pursuing superior performance, good interface, the user’s preferred utility functions.”
“Interface: Using XHTML + CSS architecture, so that the structure of the page, easy to modify the interface; save the transmission of static page code, greatly reducing the amount of data transmitted over the network; improve the interface scalability, more in line with WEB standards, support Internet Explorer, FireFox, Opera and other mainstream browsers. The program: using ASP + ACCESS mature technology, the installation process is extremely simple, the operating environment is also very common.”
(2) Vulnerability Details:
6kbbs web application has a security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Several 6kbbs products 0-day vulnerabilities have been found by some other bug hunter researchers before. 6kbbs has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to 6kbbs vulnerabilities.
(2.1) The first code programming flaw occurs at “/ajaxmember.php?” page with “&userid” parameter.
(2.2) The second code programming flaw occurs at “/admin.php?” page with “&inc” parameter.