Woltlab Burning Board info_db.php multiple SQL injection

2005.10.26
Risk: Low
Local: No
Remote: No
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

################################################################# # # Woltlab Burning Board info_db.php multiple SQL # injection # ################################################################# ->discovered by [R] Vendor: "Trooper" URL: www.wbbcoderforum.de Version: <= 2.7 Type: SQL-injection Description: ------------------------ Info-DB is a very powerful and popular download-module with many features. Information: ------------------------ Info-DB is prone to multiple SQL injection vulnerabilities. (It's possible to upload any files through info_db.php.) Bug: ------------------------ [1] /info_db.php?action=file&fileid=[SQL-Injection] [2] /info_db.php?action=file&fileid=59&subkatid=[SQL-injection] Both tested on 2.5. All other versions should be vulnerable, too. An exploit-code is available at rootbox.cx.la/batznet.com Patch: ------------------------ No Patch available. Greetz: ------------------------ greetz fly out to 2lm, Lux2, redice, triple6, darkkilla, EaTh // written by [R] // www.batznet.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top