SecurityTracker.com

SecurityTracker Archives
Category:   Application (Forum/Board/Portal)  >   WoltLab Burning Board (wBB)
Vendors:   Woltlab
WoltLab Burning Board Input Validation Holes in 'modcp.php' Permit SQL Injection
SecurityTracker Alert ID:  1014746
SecurityTracker URL:  http://securitytracker.com/id/1014746
CVE Reference:   CVE-2005-2673
Updated:  Jun 8 2008
Original Entry Date:  Aug 21 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network

Version(s): 2.2.2/2.3.3 and prior versions
Description:   A vulnerability was reported in WoltLab Burning Board. A remote user can inject SQL commands.

The 'modcp.php' script does not properly validate user-supplied input in the 'x' and 'y' parameters. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

/modcp.php?action=post_del&x='SQL_CODE_HERE
/modcp.php?action=post_del&x=6&y='SQL_CODE_HERE

[R] reported this vulnerability.
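An added example (not part of this advisory and not WoltLab's code) showing the integer-only check that would have rejected the 'x' and 'y' values above, and a log-review function that flags post_del requests carrying non-integer values. It assumes those two parameters are meant to be numeric ids (the advisory shows x=6) and that access logs are in Common Log Format; the sample log lines are constructed.

```python
# Added example, not SecurityTracker's or WoltLab's code. Assumes the
# post_del handler expects integer ids in 'x' and 'y' (the advisory shows
# x=6) and Common Log Format access logs; sample lines are constructed.
import re
from urllib.parse import parse_qs, urlsplit

NUMERIC_PARAMS = ("x", "y")                        # must be integers (assumption)
INT_RE = re.compile(r"^[0-9]{1,10}$")
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')  # CLF request line

def validate_post_del_params(query: str) -> dict:
    """Hardened check: accept 'x'/'y' only as integers, so a value such as
    "'SQL_CODE_HERE" is rejected before any query is built."""
    params = parse_qs(query, keep_blank_values=True)
    clean = {}
    for name in NUMERIC_PARAMS:
        values = params.get(name)
        if values is None:
            continue
        if len(values) != 1 or not INT_RE.match(values[0]):
            raise ValueError(f"parameter {name!r} must be an integer")
        clean[name] = int(values[0])
    return clean

def find_suspicious_requests(log_lines):
    """Log review: return lines whose modcp.php?action=post_del request
    carries a non-integer 'x' or 'y', the pattern this advisory describes."""
    hits = []
    for line in log_lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/modcp.php"):
            continue
        if parse_qs(url.query).get("action") != ["post_del"]:
            continue
        try:
            validate_post_del_params(url.query)
        except ValueError:
            hits.append(line)       # non-integer id: worth investigating
    return hits

# Constructed sample access-log lines (not from any real server).
SAMPLE_LOG = [
    '10.0.0.5 - mod1 [20/Aug/2005:10:00:01 +0000] "GET /wbb/modcp.php?action=post_del&x=6&y=12 HTTP/1.1" 200 512',
    '10.0.0.9 - mod1 [20/Aug/2005:10:00:07 +0000] "GET /wbb/modcp.php?action=post_del&x=%27SQL_CODE_HERE HTTP/1.1" 500 0',
    '10.0.0.9 - mod1 [20/Aug/2005:10:00:09 +0000] "GET /wbb/modcp.php?action=post_del&x=6&y=%27SQL_CODE_HERE HTTP/1.1" 500 0',
    '10.0.0.2 - - [20/Aug/2005:10:01:00 +0000] "GET /wbb/thread.php?threadid=6 HTTP/1.1" 200 9000',
]
```

Running `find_suspicious_requests(SAMPLE_LOG)` returns only the two lines whose 'x' or 'y' value is not a plain integer; the benign moderator request and the unrelated thread.php request are ignored.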

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.woltlab.de/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

Source Message Contents

Subject:  Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection

#####################################################
# Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection
# Discovered by [R]
#####################################################

Vendor:  WoltLab
URL:     http://www.woltlab.de/
Version: <= 2.3.3
Type:    SQL-injection

Description:
--------------------------------
The WoltLab Burning Board is a highly customisable board software for every kind of use.


SQL injection in modcp.php:
--------------------------------
It's possible to execute malicious SQL code through modcp.php.
But we need access to modcp.php. So, we must be a moderator or something like that.

And here is the bug:

/modcp.php?action=post_del&x='SQL_CODE_HERE
/modcp.php?action=post_del&x=6&y='SQL_CODE_HERE


Patch:
--------------------------------
There isn't any patch from the vendor by now.


Greetz & Visit:
--------------------------------
Greetz to 2letterman, Lux2, Diabox, darkkilla, EaTh, redice

Visit: http://rootbox.cx.la/


// 08.20.2005
// written by [R]

Copyright 2019, SecurityGlobal.net LLC