Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAndreas SandbladPACKETSTORM:47543
HistoryJun 21, 2006 - 12:00 a.m.

secunia-deluxebb.txt

2006-06-2100:00:00
Andreas Sandblad
packetstormsecurity.com
14

0.12 Low

EPSS

Percentile

94.8%

JSON
`======================================================================  
  
Secunia Research 14/06/2006  
  
- DeluxeBB SQL Injection and File Inclusion Vulnerabilities -  
  
======================================================================  
Table of Contents  
  
Affected Software....................................................1  
Severity.............................................................2  
Description of Vulnerabilities.......................................3  
Solution.............................................................4  
Time Table...........................................................5  
Credits..............................................................6  
References...........................................................7  
About Secunia........................................................8  
Verification.........................................................9  
  
======================================================================  
1) Affected Software  
  
DeluxeBB 1.06  
  
Other versions may also be affected.  
  
Product link:  
http://www.deluxebb.com/  
  
======================================================================  
2) Severity  
  
Rating: Highly critical  
Impact: System access, manipulation of data  
Where: From remote  
  
======================================================================  
3) Description of Vulnerabilities  
  
Secunia Research has discovered some vulnerabilities in DeluxeBB,   
which can be exploited by malicious people to conduct SQL injection   
attacks and compromise a vulnerable system.  
  
1) Input passed to the "templatefolder" parameter in various scripts   
isn't properly verified, before it is used to include files. This can   
be exploited to include arbitrary files from external and local   
resources.  
  
Examples:  
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]  
http://[host]/templates/deluxe/posting.php?templatefolder=[file]  
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]  
http://[host]/templates/default/postreply.php?templatefolder=[file]  
http://[host]/templates/default/posting.php?templatefolder=[file]  
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]  
  
Successful exploitation requires that "register_globals" is enabled.  
  
2) Input passed to the "hideemail", "languagex", "xthetimeoffset",   
and "xthetimeformat" parameters when registering for an account   
isn't properly sanitised before being used in a SQL query. This can   
be exploited to manipulate SQL queries by injecting arbitrary SQL   
code.  
  
Successful exploitation requires that "magic_quotes_gpc" is disabled.  
  
The vulnerabilities have been confirmed in version 1.06. Other   
versions may also be affected.  
  
======================================================================  
4) Solution  
  
Edit the source code to ensure that input is properly sanitised and   
verified.  
  
======================================================================  
5) Time Table  
  
26/05/2006 - Initial vendor notification.  
14/06/2006 - Public disclosure.  
  
======================================================================  
6) Credits  
  
Discovered by Andreas Sandblad, Secunia Research.  
  
======================================================================  
7) References  
  
The Common Vulnerabilities and Exposures (CVE) project has assigned   
CVE-2006-2914 (file inclusion) and CVE-2006-2915 (SQL injection)   
for the vulnerabilities.  
  
======================================================================  
8) About Secunia  
  
Secunia collects, validates, assesses, and writes advisories regarding  
all the latest software vulnerabilities disclosed to the public. These  
advisories are gathered in a publicly available database at the  
Secunia website:  
  
http://secunia.com/  
  
Secunia offers services to our customers enabling them to receive all  
relevant vulnerability information to their specific system  
configuration.  
  
Secunia offers a FREE mailing list called Secunia Security Advisories:  
  
http://secunia.com/secunia_security_advisories/  
  
======================================================================  
9) Verification  
  
Please verify this advisory by visiting the Secunia website:  
http://secunia.com/secunia_research/2006-44/advisory/  
  
Complete list of vulnerability reports published by Secunia Research:  
http://secunia.com/secunia_research/  
  
======================================================================  
  
`

Related

securityvulns 2
cve 2
prion 2
cvelist 2
securityvulns
securityvulns
Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities
2006-06-29 00:00:00
Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities
2006-06-15 00:00:00
cve
cve
CVE-2006-2915
2006-06-23 20:06:00
CVE-2006-2914
2006-06-23 19:06:00
prion
prion
Sql injection
2006-06-23 20:06:00
Remote file inclusion
2006-06-23 19:06:00
cvelist
cvelist
CVE-2006-2915
2006-06-23 20:00:00
CVE-2006-2914
2006-06-23 19:00:00

0.12 Low

EPSS

Percentile

94.8%

JSON
Related for PACKETSTORM:47543
securityvulns2cve2prion2cvelist2