VBZoom Forum Show.PHP MainID SQL Injection Vulnerability
BID:16955
Info
VBZoom Forum Show.PHP MainID SQL Injection Vulnerability
| Bugtraq ID: | 16955 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 04 2006 12:00AM |
| Updated: | Mar 08 2006 10:05PM |
| Credit: | Mr.SNAKE <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
VBZoom VBZoom 1.11 |
| Not Vulnerable: | |
Discussion
VBZoom Forum Show.PHP MainID SQL Injection Vulnerability
VBZooM Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
VBZooM Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Exploit / POC
VBZoom Forum Show.PHP MainID SQL Injection Vulnerability
No exploit is required.
The following proof of concept URI is available:
http://www.example.com/vz/show.php?UserID=1&MainID=[SQL]&SubjectID=1
No exploit is required.
The following proof of concept URI is available:
http://www.example.com/vz/show.php?UserID=1&MainID=[SQL]&SubjectID=1
Solution / Fix
VBZoom Forum Show.PHP MainID SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]