IdealBB Multiple Input Validation Vulnerabilities
BID:17920
CVE-2006-2317 | CVE-2006-2318 | CVE-2006-2319 | CVE-2006-2320 | CVE-2006-2321
| Bugtraq ID: | 17920 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2006 12:00AM |
| Updated: | May 10 2006 10:39PM |
| Credit: | CodeScan Labs is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Ideal Science IdealBB 1.5.3 |
| Not Vulnerable: | |
Discussion
IdealBB is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, cross-site scripting, and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, execute remote PHP code in the context of the webserver process, access sensitive information, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
Exploit / POC
These issues, which can be exploited through a web client, were discovered by CodeScan Labs with the CodeScan ASP tool.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
References:
- Ideal Bulletin Board Homepage (Ideal Science)
- Multiple Vulnerabilities In IdealBB ASP Bulletin Board ("CodeScan Labs")