Bugtraq mailing list archives
IceBB 1.0rc6 <= Remote SQL Injection
From: aeroxteam-nospam () gmail com
Date: 18 Nov 2007 23:46:41 -0000
[|Description:|]
A security breach has been discovered in IceBB 1.0-rc6. It is caused by insufficient filtering of the X-Forwarded-For header, which the application takes as the client IP address and then concatenates, unescaped, into a single-quoted SQL string literal:

./includes/functions.php, line 73

    $ip = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED_FOR'];
    $ip = $this->clean_key($ip);
    $input['ICEBB_USER_IP'] = $ip;

./icebb.php, line 169

    $icebb->client_ip = $input['ICEBB_USER_IP'];

./admin/index.php, line 112

    $icebb->adsess = $db->fetch_result("SELECT adsess.*,u.id as userid,u.username,u.temp_ban,g.g_view_board FROM icebb_adsess AS adsess LEFT JOIN icebb_users AS u ON u.username=adsess.user LEFT JOIN icebb_groups AS g ON u.user_group=g.gid WHERE adsess.asid='{$icebb->input['s']}' AND adsess.ip='{$icebb->client_ip}' LIMIT 1");

Because X-Forwarded-For is supplied by the client and clean_key() does not neutralise it for SQL, an attacker can break out of the adsess.ip='...' literal and alter the query.

[|Exploit:|]
http://www.aeroxteam.fr/exploit-IceBB-1.0rc6.php

[|Solution:|]
None. Update your forum core when a patch becomes available on the official website.

[|Credits:|]
Gu1ll4um3r0m41n (aeroxteam --[at]-- gmail --[dot]-- com) for AeroX (AeroXteam.fr)

[|Greetz:|]
Math², KERNEL_ERROR, NeoMorphS, Snake91, Goundy, Alkino (...) And everybody from #aerox
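The following is an added example, not code from the advisory or from IceBB, that reproduces the query shape quoted above against an in-memory SQLite database and shows why a crafted X-Forwarded-For header changes its result. The tables, rows, session id and IP values are constructed for the demonstration; clean_key() is not reproduced, and the example assumes only what the advisory states, namely that a single quote in the header reaches the query. The hardened variant binds the two values as parameters, and a small IP-literal check shows the additional sanity test a proxy-aware application should apply to the header before trusting it.

```python
import ipaddress
import sqlite3

# Constructed, simplified stand-in for the three IceBB tables named in the query.
# Column names follow the advisory's SQL; the rows are made up for this example.
SCHEMA = """
CREATE TABLE icebb_adsess (asid TEXT, user TEXT, ip TEXT);
CREATE TABLE icebb_users  (id INTEGER, username TEXT, temp_ban INTEGER, user_group INTEGER);
CREATE TABLE icebb_groups (gid INTEGER, g_view_board INTEGER);
INSERT INTO icebb_adsess VALUES ('a1b2c3', 'admin', '10.0.0.5');
INSERT INTO icebb_users  VALUES (1, 'admin', 0, 4);
INSERT INTO icebb_groups VALUES (4, 1);
"""

SELECT = (
    "SELECT adsess.*, u.id AS userid, u.username, u.temp_ban, g.g_view_board "
    "FROM icebb_adsess AS adsess "
    "LEFT JOIN icebb_users AS u ON u.username = adsess.user "
    "LEFT JOIN icebb_groups AS g ON u.user_group = g.gid "
)


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.row_factory = sqlite3.Row
    return conn


def client_ip(server):
    # Mirrors functions.php line 73: X-Forwarded-For wins whenever it is non-empty.
    # The header is attacker-supplied; nothing here validates it (assumption: clean_key()
    # leaves the single quote intact, which is what the advisory's injection relies on).
    xff = server.get("HTTP_X_FORWARDED_FOR", "")
    return xff if xff else server["REMOTE_ADDR"]


def fetch_adsess_vulnerable(conn, asid, ip):
    # Same construction as admin/index.php line 112: values interpolated into the SQL text.
    sql = SELECT + f"WHERE adsess.asid='{asid}' AND adsess.ip='{ip}' LIMIT 1"
    row = conn.execute(sql).fetchone()
    return dict(row) if row else None


def fetch_adsess_fixed(conn, asid, ip):
    # Hardened form: bound parameters, so quotes in the header are data, not SQL syntax.
    sql = SELECT + "WHERE adsess.asid=? AND adsess.ip=? LIMIT 1"
    row = conn.execute(sql, (asid, ip)).fetchone()
    return dict(row) if row else None


def header_is_ip(value):
    # Defence in depth: an X-Forwarded-For value that is not an IP literal should never
    # reach a query (or a log) as a client address.
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False


# Crafted header value. AND binds tighter than OR, so the vulnerable WHERE clause becomes
# (asid='guess' AND ip='') OR '1'='1', which is true for every row; LIMIT 1 then hands
# back the first admin session without knowing its asid.
CRAFTED_XFF = "' OR '1'='1"

if __name__ == "__main__":
    db = open_db()
    ip = client_ip({"REMOTE_ADDR": "203.0.113.9", "HTTP_X_FORWARDED_FOR": CRAFTED_XFF})
    print("vulnerable:", fetch_adsess_vulnerable(db, "guess", ip))
    print("fixed:     ", fetch_adsess_fixed(db, "guess", ip))
    print("header is an IP literal:", header_is_ip(ip))
```

Run as a script, the vulnerable query returns the constructed admin session for an unknown session id while the parameterised query returns nothing for the same input. The IP-literal check is not a substitute for parameterisation: an application sitting behind a reverse proxy should additionally honour X-Forwarded-For only when REMOTE_ADDR is one of its own proxies, since the header is otherwise free text chosen by the requester.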