CVE-2006-3828 Information

Description

Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas quote characters pound sign () characters \UNION\ and \SELECT\ which are not filtered by the product which only checks for \insert\ \delete\ \update\ and \replace.\

Reference

http://secunia.com/advisories/21066 http://securityreason.com/securityalert/1252 http://securitytracker.com/id?1016515 http://www.acid-root.new.fr/advisories/boastmachine.txt http://www.securityfocus.com/archive/1/440306/100/0/threaded http://www.vupen.com/english/advisories/2006/2849