Affected Versions:
BBSGood 5.0/5.0.2
Vulnerability description:
BBSGood was the first forum software in China to use caching technology: post pages and board list pages can be generated as static HTML files. In moprepost.asp, the poster's IP address is taken from the X-Forwarded-For request header whenever that header is present, and only falls back to REMOTE_ADDR when the header is empty (line 351 onwards; the listing is abridged as in the original report):

    If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" Then
        ipdress = Request.ServerVariables("REMOTE_ADDR")
    Else
        ipdress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    End If                                                        ' line 351
    ......
    SQL = "insert into LxTel_Topic (BoardID,Ftbq,TitleColor,Subject,Text,PostUser," & _
          "PostTime,RePostNum,RePostUser,IP,CreateHtml,FileName,LastPostTime,LastPostUser," & _
          "BuyPostType,BuyNum,BuyExplanation,BuyUser,IsBest,FilePageNum,Hits,IsTop,Admin," & _
          "IsDel,ZT,GG,CommTrue,BoldFace,postsh,myfiles) values "
    sql = sql + "("&BoardID&","&Ftbq&","&TitleColor&"," & _
          ""&Server.HTMLEncode(titlename)&","&nl&","&UserName&","&PostTime&",0," & _
          ""&UserName&","&ipdress&","&IsCreateHtml&","&FileName&","&PostTime&"," & _
          ""&UserName&","&BuyPostType&","&BuyNum&","&BuyExplanation&","&UserName&"" & _
          ......
          ",0,0,"&BoldFace&","&shzt&",0)"                          ' line 380
    conn.execute(SQL)

HTTP_X_FORWARDED_FOR is an ordinary request header, so its value is chosen entirely by whoever sends the request; it can be set to any string with a local proxy or a hand-built request. The program concatenates ipdress into the INSERT statement without filtering or validating it (note that Subject goes through Server.HTMLEncode while the IP value does not), so a crafted X-Forwarded-For header is written straight into the SQL text when a post is submitted, resulting in SQL injection.
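The following Python script is an added illustration of the flaw and of the fix a practitioner would expect; it is not BBSGood's code and not the vendor's patch. It reproduces the moprepost.asp decision (X-Forwarded-For wins when present) against a reduced three-column SQLite table that stands in for LxTel_Topic (the column set is constructed for the example), submits one constructed hostile request through both the concatenating path and a hardened path, and returns the resulting rows. The hardened path assumes a caller-supplied trusted_proxies set, which is an assumption of this example: X-Forwarded-For is only meaningful when the direct TCP peer is a proxy you operate, and even then the value must parse as an IP address before it is stored, and it must be passed as a bound parameter rather than spliced into the SQL text.

```python
import ipaddress
import sqlite3

# Reduced stand-in for LxTel_Topic (constructed for this example; the real
# table has many more columns, but the injection point is the same).
SCHEMA = "CREATE TABLE topic (Subject TEXT, PostUser TEXT, IP TEXT)"


def resolve_ip_like_moprepost(server_vars):
    """Same decision as moprepost.asp line 351: X-Forwarded-For wins if present."""
    xff = server_vars.get("HTTP_X_FORWARDED_FOR", "")
    return server_vars["REMOTE_ADDR"] if xff == "" else xff


def vulnerable_insert(conn, server_vars, subject, user):
    """Concatenates the header value straight into the INSERT, as the forum does."""
    ipdress = resolve_ip_like_moprepost(server_vars)
    sql = ("INSERT INTO topic (Subject, PostUser, IP) VALUES ('"
           + subject + "','" + user + "','" + ipdress + "')")
    conn.execute(sql)
    conn.commit()
    return sql


def client_ip(server_vars, trusted_proxies=frozenset()):
    """Hardened resolution: X-Forwarded-For is honoured only when the TCP peer is
    a trusted proxy (assumed set, supplied by the caller) and the leftmost entry
    parses as an IP address; otherwise REMOTE_ADDR is used."""
    remote = server_vars["REMOTE_ADDR"]
    xff = server_vars.get("HTTP_X_FORWARDED_FOR", "")
    if xff and remote in trusted_proxies:
        candidate = xff.split(",")[0].strip()  # header form: "client, proxy1, proxy2"
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # malformed header value: do not trust it
    return remote


def safe_insert(conn, server_vars, subject, user, trusted_proxies=frozenset()):
    """Validated IP plus a parameterised statement: the header cannot alter the SQL."""
    ip = client_ip(server_vars, trusted_proxies)
    conn.execute("INSERT INTO topic (Subject, PostUser, IP) VALUES (?, ?, ?)",
                 (subject, user, ip))
    conn.commit()
    return ip


def demo():
    """Run both paths against one constructed hostile request; return all rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed request: the header closes the IP literal and appends a second
    # VALUES row, so the sender writes a post attributed to another user.
    hostile = {
        "REMOTE_ADDR": "203.0.113.10",
        "HTTP_X_FORWARDED_FOR": "203.0.113.10'),('forged','admin','198.51.100.7",
    }
    vulnerable_insert(conn, hostile, "hello", "guest")
    safe_insert(conn, hostile, "hello", "guest")
    return conn.execute(
        "SELECT Subject, PostUser, IP FROM topic ORDER BY rowid").fetchall()


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Running the script shows two rows from the concatenating path (the genuine post plus a forged one the header smuggled in) and one row from the hardened path, whose IP column holds REMOTE_ADDR because the peer is not a trusted proxy. The same header rejection applies to a multi-valued header: only the leftmost entry is considered, and it is dropped unless ipaddress.ip_address accepts it.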
<* Reference
Http://www.bbsgood.com/
Http://www.wavdb.com/
*>
Security repair:
Vendor patch: BBSGood has released a fix; see
http://bbs.bbsgood.com/2010-6/16/1103571834.html