vbPortal Anonymous E-mail Sending via SQL Injection

2003-11-22T07:04:04
ID OSVDB:2856
Type osvdb
Reporter OSVDB
Modified 2003-11-22T07:04:04

Description

Vulnerability Description

A flaw in vbPortal may allow an attacker to send e-mail without authentication. The flaw lies in the SendStory and SendSite functions of the friend.php file. Through the 'yname' and 'ymail' variables, an attacker can inject arbitrary material by using line feeds.

Solution Description

Upgrade to version 3.0b or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the patch included by the advisory author.
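
A server-side check of the kind that closes this class of flaw, as an added example (not vbPortal's code and not the advisory author's patch): it rejects 'yname' and 'ymail' values that contain line feeds or other control characters before they reach an outgoing message. It assumes the two values end up in the message's From header, which this entry does not state; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added illustration: not vbPortal code and not the advisory author's patch.
// clean_sender() and build_from_header() are hypothetical names.

// Returns [name, mail] when both values are safe to use, or null to reject.
function clean_sender(string $yname, string $ymail): ?array
{
    // Reject (do not strip) CR, LF and every other ASCII control character,
    // so a tampered request fails instead of being silently repaired.
    foreach ([$yname, $ymail] as $value) {
        if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
            return null;
        }
    }
    $yname = trim($yname);
    $ymail = trim($ymail);
    if ($yname === '' || strlen($yname) > 64) {
        return null;
    }
    // Exactly one syntactically valid address; address lists are refused.
    if (filter_var($ymail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [$yname, $ymail];
}

// Assumption: the validated values are used in a From header.
function build_from_header(string $yname, string $ymail): string
{
    // Quoted display name with backslash and double quote escaped.
    $quoted = str_replace(['\\', '"'], ['\\\\', '\\"'], $yname);
    return sprintf('From: "%s" <%s>', $quoted, $ymail);
}

// Constructed sample inputs: one well-formed pair, then three that must fail.
$samples = [
    ['Alice Example', 'alice@example.org'],
    ["Alice\r\nX-Constructed: 1", 'alice@example.org'],
    ['Alice', "alice@example.org\nX-Constructed: 1"],
    ['Alice', 'alice@example.org, bob@example.net'],
];
foreach ($samples as [$name, $mail]) {
    $ok = clean_sender($name, $mail);
    echo $ok === null ? "rejected\n" : build_from_header(...$ok) . "\n";
}
```

Rejecting the request outright, rather than deleting the line feeds, keeps a tampered submission from being delivered in altered form.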

References:

Secunia Advisory ID: 10279
ISS X-Force ID: 13816
Generic Informational URL: http://www.security-corporation.com/advisories-021.html
Bugtraq ID: 9088