PHP-Ultimate Webboard 'admindel.php' Multiple Input Validation Vulnerabilities
BID:30822
Info
| Bugtraq ID: | 30822 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 25 2008 12:00AM |
| Updated: | Aug 29 2008 01:14AM |
| Credit: | t0pP8uZz |
| Vulnerable: | Sansak PHP-Ultimate Webboard 2.0 |
| Not Vulnerable: | |
Discussion
PHP-Ultimate Webboard is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Successful exploits will allow unauthorized attackers to delete arbitrary questions and answers. Attackers may also exploit these issues to perform SQL-injection attacks.
PHP-Ultimate Webboard 2.0 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following example URI is available:
http://www.example.com/webboard/admindel.php?action=delete&mode=question&qno=[NUM]&ano=[NUM]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
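With no vendor patch available, requests to 'admindel.php' can be surfaced from web server logs for review. The following is an added example, not part of the original advisory or the vendor's code: it assumes combined-format access logs, uses constructed sample lines, and takes the parameter names (action, qno, ano) from the example URI above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Aug/2008:10:01:02 +0000] "GET /webboard/index.php HTTP/1.1" 200 5120
203.0.113.5 - - [26/Aug/2008:10:01:09 +0000] "GET /webboard/admindel.php?action=delete&mode=question&qno=12&ano=3 HTTP/1.1" 200 310
198.51.100.7 - - [26/Aug/2008:10:02:44 +0000] "GET /webboard/admindel.php?action=delete&mode=question&qno=12%27&ano=3 HTTP/1.1" 200 310
198.51.100.7 - - [26/Aug/2008:10:03:00 +0000] "GET /webboard/admindel.php?action=delete&mode=question&qno=7 HTTP/1.1" 200 310
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*"')
ID_PARAMS = ("qno", "ano")  # parameter names taken from the advisory's example URI
DIGITS_RE = re.compile(r"[0-9]+")


def classify(target):
    """Return a list of findings for one request target, or [] if not relevant."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/admindel.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    findings = []
    if "delete" in query.get("action", []):
        # The advisory says deletion works for unauthorized users: review every hit.
        findings.append("delete-request")
    for name in ID_PARAMS:
        for value in query.get(name, []):
            if not DIGITS_RE.fullmatch(value):
                # IDs should be plain integers; anything else is suspect input.
                findings.append(f"non-numeric-{name}")
    return findings


def scan(log_text):
    """Return (client_ip, timestamp, target, findings) for each flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        findings = classify(target)
        if findings:
            hits.append((ip, ts, target, findings))
    return hits


if __name__ == "__main__":
    for ip, ts, target, findings in scan(SAMPLE_LOG):
        print(ip, ts, ",".join(findings), target)
```

Hits tagged only `delete-request` should be compared against known administrator activity; a `non-numeric-*` tag marks an ID parameter that is not a plain integer.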
References
References:
- PHP-Ultimate Webboard Homepage (Sansak)