PunkBuster Database Remote SQL Injection Vulnerability
BID:9697
Info
| Bugtraq ID: | 9697 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2004 12:00AM |
| Updated: | Feb 19 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to "Just1n T1mberlake" <[email protected]>. |
| Vulnerable: | PunkBuster PunkBuster Database 6.0 alpha, PunkBuster PunkBuster Database 5.0 alpha, PunkBuster PunkBuster Database 4.0 alpha, PunkBuster PunkBuster Database 3.0 alpha, PunkBuster PunkBuster Database 2.0 alpha, PunkBuster PunkBuster Database 1.0 alpha |
| Not Vulnerable: | |
Discussion
Reportedly, PunkBuster is prone to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input.
As a result, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been reported that an attacker may be able to disclose the administrator password hash by exploiting this issue.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Product Home Page (PunkBuster)
- PunkBuster SQL Injection Attack ("Just1n T1mberlake")