SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Forum/Board/Portal)  >   XennoBB Vendors:   Xenno Group
XennoBB Missing Input Validation in the 'bday_day', 'bday_month', and 'bday_year' Parameters Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1016643
SecurityTracker URL:  http://securitytracker.com/id/1016643
CVE Reference:   CVE-2006-4025   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 7 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 2.1.0 and prior versions
Description:   A vulnerability was reported in XennoBB. A remote user can inject SQL commands.

The software does not properly validate user-supplied input in the the 'bday_day', 'bday_month', and 'bday_year' parameters. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Chris Boulton discovered this vulnerability.
Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.xennobb.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Sun, 06 Aug 2006 04:39:38 +0000
Subject:  XennoBB <= 2.1.0

--------------------- SUMMARY ---------------------


Name:

	XennoBB "birthday" SQL Injection (6/8/2006)


Vendor / Product:

	XennoBB Group

	http://www.xennobb.com/

	

	Description:

	The world's most revolutionary and easy to use bulletin board.


	Revolutionary because it redefines the boundaries of usability

	and power; from the first version it's a real alternative to

	the commercial forums out there.


	How can XennoBB be described in few words? 

	Lightning-speed, stable, SECURED(?) and modern.

	

Version(s) Affected:

	<= 2.1.0

	

Severity:

	High

	

Impact:

	SQL Injection (Remote)


Status:

	Unpatched

	

Discovered by:

	Chris Boulton <http://www.surfionline.com>

	

------------------- DESCRIPTION -------------------


An exploit exists in the above mentioned versions of XennoBB which

can be exploited by malicious users to conduct SQL injection attacks.


Input passed to the "bday_day", "bday_month" and "bday_year form

fields is not properly sanitised before being used in an SQL query.

This exploit can lead to manipulation of SQL queries by injecting

arbitary SQL code.


--------------------- EXPLOIT ---------------------


Submit a forged POST request to


/profile.php?section=personal&id={your registered user ID here}


With the following as the POST data:


form_sent=1&form[sex]=a&bday_day=1&bday_month=2&bday_year=", group_id=1, birthday="


Successful exploitation leads to the user group being changed to

that of Administrators.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC