class-1 Forum viewforum.php Multiple Variable SQL Injection

2005-07-14T12:10:42
ID: OSVDB:17923
Type: osvdb
Reporter: Lostmon Lords (Lostmon@gmail.com)
Modified: 2005-07-14T12:10:42

Description

Vulnerability Description

class-1 Forum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewforum.php' script not properly sanitizing user-supplied input to the 'id' and 'forum' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/forum/viewforum.php?mode=view&id=[SQL-Injection]
http://[target]/forum/viewforum.php?forum=[SQL-Injection]

References:

Vendor URL: http://www.class1web.co.uk/download_forum.php
Security Tracker: 1014485
Security Tracker: 1014486
Secunia Advisory ID: 16078
Related OSVDB ID: 17920
Related OSVDB ID: 17921
Related OSVDB ID: 17922
Other Advisory URL: http://lostmon.blogspot.com/2005/07/class-1-forum-software-cross-site.html
ISS X-Force ID: 21470
CVE-2005-2323
Bugtraq ID: 14261