phpBB Blog 2.2.2 SQL inj. vuln.
Vuln. discovered by: r0t
Date: 5 Dec. 2005
original advisory: http://pridels.blogspot.com/2005/12/phpbb-blog-222-sql-inj-vuln.html
vendor: http://www.outshine.com/phpbbblog/
affected version: 2.2.2 and prior
Product Description:
This is a blog system for phpBB. It features an RSS feed, trackbacks, permalinks, support for BBCode and smileys, monthly archives (MySQL only), preliminary support for PostgreSQL and MS SQL, 7 optional stylesheets, integration with the phpBB Podcast mod, and GEO meta tags. Version 2.2.1 added a nice calendar. Version 2.2.2 contains bugfixes.
Vuln. Description:
Input passed to the "permalink" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
example:
/?permalink=[SQL]
Solution:
Edit the source code to ensure that input is properly sanitised.
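Added example (not from the original advisory and not phpBB Blog's own code): one way to apply the fix above, assuming "permalink" identifies a post by numeric ID. The table, column and function names are hypothetical, and the rows are constructed sample data in an in-memory SQLite database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the blog's post table (constructed data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog_posts (post_id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO blog_posts VALUES (1, 'First post'), (2, 'Second post')");

// Pattern the advisory describes: request input concatenated into the SQL text.
//   $sql = 'SELECT title FROM blog_posts WHERE post_id = ' . $_GET['permalink'];

/**
 * Hardened lookup: validate the parameter as a positive integer, then bind it.
 * Returns the title, or null when the input is invalid or no post matches.
 */
function fetch_post_title(PDO $pdo, $raw): ?string
{
    // Query parameters can arrive as arrays (?permalink[]=...); accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    // Anything that is not a whole number >= 1 is refused before any SQL is built.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value travels as a bound integer, never as part of the query string.
    $stmt = $pdo->prepare('SELECT title FROM blog_posts WHERE post_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// Constructed inputs: one valid ID, three malformed values, one unknown ID.
foreach (['2', '2abc', "2'", ['2'], '999'] as $input) {
    $shown = is_array($input) ? 'array' : $input;
    $result = fetch_post_title($pdo, $input);
    echo str_pad($shown, 6), ' => ', $result ?? 'rejected or not found', PHP_EOL;
}
```

In the real application, the value passed as $raw would be the "permalink" request parameter.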