########################## WwW.BugReport.ir ###########################################
#
#      BugReport Security Research & Penetration Testing Group
#
# Title: [Sky Portal] Multiple SQL Injection Vulnerabilities
# Vendor: http://skyportal.net
# Exploitation: Remote with browser
# Fix Available: Patched in the latest vendor version
#######################################################################################


Description:
--------------------
Multiple SQL injection vulnerabilities were found; we exploited one of them.
A registered user can change his/her name and read all other users' private messages.

Vulnerabilities:
--------------------
+--> Multiple SQL Injection Vulnerabilities

nc_top.asp Line 59 

--------------------------
A user can delete all bookmarks.
inc_bookmarks.asp line 179
delSQL = "DELETE FROM "& strTablePrefix & "BOOKMARKS WHERE BOOKMARK_ID = " & delBkmk(ib)

This file is included from cp_main.asp.
---------------------------

inc_profile_functions.asp
lines 568, 570, 572, 573

---------------------------

A user can delete all subscriptions.
inc_SUBSCRIPTIONS.asp line 163
delSQL = "DELETE FROM "& strTablePrefix & "SUBSCRIPTIONS WHERE SUBSCRIPTION_ID = " & delBkmk(ib)
executeThis(delSQL)
This file is included from cp_main.asp.
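Both delete statements above (bookmarks and subscriptions) share the same defect: a user-supplied ID is concatenated straight into the WHERE clause, so the clause can be rewritten to match every row. The following is an added illustration of the fix pattern, written in Python against an in-memory SQLite table rather than the portal's own ASP code; the table prefix, column names and sample rows are constructed for the demo.

```python
import re
import sqlite3

TABLE_PREFIX = "FORUM_"  # constructed stand-in for the app's strTablePrefix


def vulnerable_delete_sql(prefix, ids):
    """Mirror of the advisory's pattern: IDs are pasted verbatim into the
    statement, so whatever the user submits becomes SQL. Returned as text
    only; nothing here executes it."""
    return [f"DELETE FROM {prefix}BOOKMARKS WHERE BOOKMARK_ID = {i}" for i in ids]


def delete_own_bookmarks(conn, prefix, member_id, ids):
    """Hardened form: every ID must be a plain integer, the value is bound as
    a parameter, and the row must belong to the requesting member, so a user
    can only ever delete their own bookmarks."""
    clean = []
    for raw in ids:
        if not re.fullmatch(r"[0-9]+", str(raw).strip()):
            raise ValueError(f"rejected non-numeric bookmark id: {raw!r}")
        clean.append(int(raw))
    # The prefix is server-side configuration, not user input, so it is the
    # only thing allowed into the statement text.
    sql = f"DELETE FROM {prefix}BOOKMARKS WHERE BOOKMARK_ID = ? AND MEMBER_ID = ?"
    cur = conn.cursor()
    deleted = 0
    for bid in clean:
        cur.execute(sql, (bid, member_id))
        deleted += cur.rowcount
    conn.commit()
    return deleted


def build_demo_db(prefix):
    """Constructed sample data: members 10 and 20 each own bookmarks."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {prefix}BOOKMARKS "
                 "(BOOKMARK_ID INTEGER PRIMARY KEY, MEMBER_ID INTEGER, TOPIC_ID INTEGER)")
    conn.executemany(f"INSERT INTO {prefix}BOOKMARKS VALUES (?, ?, ?)",
                     [(1, 10, 100), (2, 10, 101), (3, 20, 102)])
    return conn


def remaining(conn, prefix):
    return conn.execute(f"SELECT COUNT(*) FROM {prefix}BOOKMARKS").fetchone()[0]


if __name__ == "__main__":
    db = build_demo_db(TABLE_PREFIX)
    print(vulnerable_delete_sql(TABLE_PREFIX, ["7 OR 1=1"])[0])
    print(delete_own_bookmarks(db, TABLE_PREFIX, 10, ["1", "3"]), remaining(db, TABLE_PREFIX))
```

Member 10's request to delete bookmarks 1 and 3 removes only bookmark 1, because bookmark 3 belongs to member 20; a non-numeric ID never reaches the database at all.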