MercuryBoard INDEX.PHP SQL Injection Vulnerability
BID:12503
Info
MercuryBoard INDEX.PHP SQL Injection Vulnerability
| Bugtraq ID: | 12503 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2005 12:00AM |
| Updated: | Feb 09 2005 12:00AM |
| Credit: | Discovery is credited to Zeelock <[email protected]>. |
| Vulnerable: |
MercuryBoard Message Board 1.1.1 MercuryBoard Message Board 1.1 |
| Not Vulnerable: |
MercuryBoard Message Board 1.1.2 |
Discussion
MercuryBoard INDEX.PHP SQL Injection Vulnerability
MercuryBoard is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before being used in SQL queries.
The vulnerability is reported to affect the 'index.php' script.
MercuryBoard 1.1.1 and prior versions are affected by this vulnerability.
MercuryBoard is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before being used in SQL queries.
The vulnerability is reported to affect the 'index.php' script.
MercuryBoard 1.1.1 and prior versions are affected by this vulnerability.
Exploit / POC
MercuryBoard INDEX.PHP SQL Injection Vulnerability
The following proof of concept can disclose the administrator password hash:
http://www.example.com/mercuryboard/index.php?a=post&s=reply&t=1&qu=10000%20UNION
%20SELECT%20user_password,user_name%20from%20mb_users%20where%20user_group%20
=%201%20limit%201/*
The following proof of concept can disclose the administrator password hash:
http://www.example.com/mercuryboard/index.php?a=post&s=reply&t=1&qu=10000%20UNION
%20SELECT%20user_password,user_name%20from%20mb_users%20where%20user_group%20
=%201%20limit%201/*
Solution / Fix
MercuryBoard INDEX.PHP SQL Injection Vulnerability
Solution:
It is reported that MercuryBoard 1.1.2 addresses this issue.
MercuryBoard Message Board 1.1
MercuryBoard Message Board 1.1.1
Solution:
It is reported that MercuryBoard 1.1.2 addresses this issue.
MercuryBoard Message Board 1.1
-
MercuryBoard MercuryBoard 1.1.2
http://www.mercuryboard.com/index.php?a=downloads
MercuryBoard Message Board 1.1.1
-
MercuryBoard MercuryBoard 1.1.2
http://www.mercuryboard.com/index.php?a=downloads
References
MercuryBoard INDEX.PHP SQL Injection Vulnerability
References:
References:
- MecuryBoard Home Page (MercuryBoard)
- Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection ("Zeelock"