UBBCentral UBB.threads Editpost.PHP SQL Injection Vulnerability
BID:12784
Info
| Bugtraq ID: | 12784 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 11 2005 12:00AM |
| Updated: | Mar 11 2005 12:00AM |
| Credit: | Discovery is credited to ADZ Security Team. |
| Vulnerable: | UBBCentral UBB.threads 6.0 |
| Not Vulnerable: | |
Discussion
It is reported that UBB.threads is prone to an SQL injection vulnerability.
The SQL injection vulnerability is reported to affect the 'editpost.php' script.
UBB.threads 6.0 is reported prone to this issue. It is likely that other versions are affected as well.
Exploit / POC
An exploit is not required.
The following example is available:
http://www.example.com/[path]/editpost.php?Cat=X&Board=X&Number=1'%20OR%20'a'='a
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
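With no vendor patch listed, one interim check is to review web server logs for requests to 'editpost.php' whose Number value is not purely numeric. The Python code below is an added example, not part of the original advisory or of UBB.threads; it assumes combined-format access logs and that Number is normally a numeric post ID (inferred from the example URL), and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address and request target from a combined-format access-log line
# (log format is an assumption, not stated in the advisory).
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC = re.compile(r'[0-9]+')

def flag_editpost_requests(log_lines):
    """Return (line_no, client, Number value) for requests worth reviewing."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/editpost.php"):
            continue
        # parse_qs URL-decodes once, as the web server does, and keeps every
        # occurrence of a repeated Number parameter.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("Number", []):
            # Allowlist: anything other than ASCII digits is flagged, so no
            # list of "bad" characters has to be maintained.
            if not NUMERIC.fullmatch(value):
                hits.append((line_no, client, value))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up sizes;
# other.php is a hypothetical script name).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Mar/2005:10:00:01 +0000] '
    '"GET /forum/editpost.php?Cat=X&Board=X&Number=1042 HTTP/1.1" 200 5120',
    """198.51.100.7 - - [11/Mar/2005:10:02:13 +0000] """
    """"GET /forum/editpost.php?Cat=X&Board=X&Number=1'%20OR%20'a'='a HTTP/1.1" 200 8841""",
    '192.0.2.10 - - [11/Mar/2005:10:05:00 +0000] '
    '"GET /forum/other.php?Number=abc HTTP/1.1" 200 7000',
    '192.0.2.10 - - [11/Mar/2005:10:06:00 +0000] '
    '"GET /forum/editpost.php?Cat=X&Board=X&Number= HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in flag_editpost_requests(SAMPLE_LOG):
        print(hit)
```

Only GET query strings are visible in access logs; a Number value sent in a POST body would need request-body logging to be reviewed the same way.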