Bugtraq mailing list archives
Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
From: Bastian Ahrens <mail () b3cks com>
Date: Tue, 26 Sep 2006 22:46:57 +0000
Hi again,I had some time to research into this. I tested about ten boards with different versions from 2.3.3 to 2.3.5. On some this bug works on some it doesn't, independent of the version! On pages this doesn't work you will only get an empty thread without any posts as I told, otherwise you will get this typical "SQL-DATABASE ERROR" message. So just a small bug, nothing special and no really injection. But why does this work on some pages and others not? Maybe some PHP/MySQL restrictions?
Regards Bastian Ahrens Rickard Andersson wrote:
I had nothing to do with the initial report, but I did manage to reproduce it. Just try to navigate to page -1 in any topic. For example: http://www.woltlab.de/en/forum/thread.php?threadid=2802&page=-1 Cheers, Rickard On 9/23/06, Bastian Ahrens <mail () b3cks com> wrote:Hi, I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I just get a normal thread page but without any postings. Where is the SQL "injection"? More infos would be great. Greets Bastian Ahrens sn4k3.23 () gmail com wrote: > Use it like this: > > http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1 > > Ok, its kinda useless 'cause it's an "ORDER BY", but u can see: > > - the PHP Version > - the MySQL version > - the wBB Version (when it has been faked or removed) > > Greets, > > 666 - www.sr-crew.de.tt >
Current thread:
- Woltlab Burning Board 2.3.X SQL Injection Vulnerability sn4k3 . 23 (Sep 22)
- Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability Bastian Ahrens (Sep 25)
- Message not available
- Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability Bastian Ahrens (Sep 26)
- Message not available
- Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability Bastian Ahrens (Sep 25)
- <Possible follow-ups>
- Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability x82_ (Sep 25)