OSEC

From: Anthony Cole (acole76bellsouth.net)
Date: Wed Oct 31 2001 - 19:26:55 CST


    e-zonemedia's Fuse Talk is vulnerable to malicious SQL. Improper form
    sanitization makes it possible for any user to manipulate data as (s)he
    feels fit. On the sign up form (join.cfm) it is possible to pass a well
    crafted form variable to the action template (it's the same template
    subsequently join.cfm) that will execute malicious SQL. This is made
    possible by not filtering the (;) semi-colon. Examine the following code:

    1;delete from users

    or

    1;exec sp_addlogin "OsamaBinLadenSucks"

    I don't need to tell you the impact of this code. Time and time again I see
    you guys emphasize the need for proper form validation, but some people
    don't listen. I would have notified the company (www.e-mediazone.com), but
    I think this news would be better delivered by an organization known as a
    leader in security. I trust if you choose to publish this vulnerability,
    you would do so only after the problem has been rectified.

    Thanks

    Cole.

    p.s. I've attached the faulty template for your inspection. (look near line
    241)
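
The flaw class reported above, shown as an added example that is not part of the original post or of the vendor's code: a form value concatenated into SQL text next to the same lookup with type validation and a bound parameter. The `users` table name comes from the string quoted in the post; the columns, function names, the in-memory SQLite database, and the use of `executescript()` to model a driver that runs `;`-separated batches are assumptions.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the forum database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    db.commit()
    return db

def user_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def lookup_concatenated(db, form_value):
    """'Before' pattern: the form value becomes part of the SQL text, so
    anything after ';' is parsed as a second statement."""
    db.executescript("SELECT name FROM users WHERE id = " + form_value)

def lookup_bound(db, form_value):
    """Hardened pattern: accept only a short decimal integer, then bind it.
    A bound value is data and is never parsed as SQL."""
    if not (form_value.isascii() and form_value.isdigit() and len(form_value) <= 9):
        raise ValueError("id must be a short decimal integer")
    row = db.execute("SELECT name FROM users WHERE id = ?",
                     (int(form_value),)).fetchone()
    return row[0] if row else None

def demo():
    form_value = "1;delete from users"   # first string quoted in the post
    before = make_db()
    lookup_concatenated(before, form_value)      # second statement runs
    after = make_db()
    try:
        lookup_bound(after, form_value)
        rejected = False
    except ValueError:
        rejected = True                          # input refused, table untouched
    return user_count(before), user_count(after), rejected, lookup_bound(after, "2")

if __name__ == "__main__":
    print(demo())
```

In ColdFusion templates the corresponding binding is the `<cfqueryparam>` tag inside `<cfquery>`, with a `cfsqltype` such as `cf_sql_integer`. Validating the type and binding the value closes the hole regardless of which characters the input contains, which stripping `;` alone does not.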