MyBulletinBoard (MyBB) editpost.php pid Variable SQL Injection

2005-05-31T05:55:34
ID OSVDB:17017
Type osvdb
Reporter Alberto Trivero(trivero@jumpy.it)
Modified 2005-05-31T05:55:34

Description

Vulnerability Description

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'pid' variable in the editpost.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, MyBB Group has released a patch to address this vulnerability.

Short Description

MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'pid' variable in the editpost.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/mybb/editpost.php?pid='[sql_query]

References:

Vendor URL: http://www.mybboard.com/ Vendor Specific Solution URL: http://www.mybboard.com/community/showthread.php?tid=2559 Security Tracker: 1014082 Secunia Advisory ID:15552 Related OSVDB ID: 17014 Related OSVDB ID: 17015 Related OSVDB ID: 17023 Related OSVDB ID: 17019 Related OSVDB ID: 17020 Related OSVDB ID: 17021 Related OSVDB ID: 17024 Related OSVDB ID: 17027 Related OSVDB ID: 17008 Related OSVDB ID: 17016 Related OSVDB ID: 17022 Related OSVDB ID: 17025 Related OSVDB ID: 17026 Related OSVDB ID: 17018 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0357.html CVE-2005-1833