Woltlab Burning Board Links.PHP SQL Injection Vulnerability

Bugtraq ID:	18077
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 20 2006 12:00AM
Updated:	Aug 17 2006 10:00PM
Credit:	Snake_23 is credited with the discovery of this vulnerability.
Vulnerable:	Woltlab Burning Board 2.3.4 Woltlab Burning Board 2.3.3 Woltlab Burning Board 2.3.1 Woltlab Burning Board 2.2.2 Woltlab Burning Board 2.0 RC2 Woltlab Burning Board 2.0 RC1 Woltlab Burning Board 2.0 beta 5 Woltlab Burning Board 2.0 beta 4 Woltlab Burning Board 2.0 beta 3
Not Vulnerable:

Woltlab Burning Board Links.PHP SQL Injection Vulnerability

Woltlab Burning Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Woltlab Burning Board 2.3.4 and prior versions may be affected by this issue.

Woltlab Burning Board Links.PHP SQL Injection Vulnerability

Attackers can exploit this issue via a web client.

A proof of concept is available:

• /data/vulnerabilities/exploits/woltlab_sql_poc.pl
• /data/vulnerabilities/exploits/woltlab-bb-2.3.5-sqlinj.pl

Woltlab Burning Board Links.PHP SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Woltlab Burning Board Links.PHP SQL Injection Vulnerability

References:

• CityForFree Product Page (CityForFree)
  
• indexcity SQL Injection and XSS Vulnerabilities (Aliaksandr Hartsuyeu )