DeluxeBB Missing Input Validation in 'cp.php' Lets Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1016384
|
|
SecurityTracker URL: http://securitytracker.com/id?1016384
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 26 2006
|
Impact: Disclosure of system information, Disclosure of user information, User access via network
|
Exploit Included: Yes
|
Version(s): 1.07
|
Description: A vulnerability was reported in DeluxeBB. A remote user can inject SQL commands.
The 'cp.php' script does not properly validate user-supplied input in the 'xmsn' and 'membercode' parameters. A remote user can
supply a specially crafted parameter value to gain administrative privileges on the target application.
A demonstration exploit
is available at:
http://www.milw0rm.com/exploits/1953
Hessam-x of the Iran Hackerz Security Team discovered this vulnerability.
|
Impact: A remote user can execute SQL commands on the underlying database.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.deluxebb.com/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: Hessamx@hessamx.net
|
Message History:
None.
|
Source Message Contents
|
Date: 25 Jun 2006 18:19:51 -0000
From: Hessamx@hessamx.net
Subject: DeluxeBB 1.07 Create admin Exploit
|
DeluxeBB 1.07 Create admin Exploit
----------------------------------------
+ Summary :
Name : DeluxeBB 1.07
Class : Remote
Risk : High
+ Description:
DeluxeBB (1.07) Have a high Security Bug in
user control panel (cp.php) .
this bug allows to users change access level
with inject qurry in update settings.
----------------------------------------
+ Exploit : www.milw0rm.com/exploits/1953
----------------------------------------
~ Discovered By Hessam-x
Iran Hackerz Security Team www.hackerz.ir
----------------------------------------
|
|
