by r0t, der4444, cembo, VietMafia

Monday, November 28, 2005

edmoBBS SQL inj. vuln.

Vuln. discovered by: r0t
Date: 28 Nov. 2005
Vendor: http://www.upyournet.com/edmobbs/index.php
Affected version: V0.9 and prior

Product Description:
edmoBBS is not a cluttered and complex board system with membership requirements. It is instead simple and modern. The goal of edmoBBS is to meet the needs of webmasters looking for an easy to manage and easy to use general purpose board which uses PHP and MySQL for efficiency and speed. Multiple boards can be created and managed with the powerful admin features. edmoBBS is available in two versions: a fully functional FREE version, and a more refined commercial version for $50.00.

Vuln. description:
Input passed to the "table" and "messageID" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/edmobbs9r.php?messageID=1&table=[SQL]
/edmobbs9r.php?messageID=1[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
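The two parameters need different fixes, because a table name is an SQL identifier and cannot be bound as a prepared-statement parameter the way a numeric ID can. The following is an added example written for this advisory, not edmoBBS code: the edmoBBS query, column names and board table names are not shown above, so `messageID`, `subject`, `body` and the entries in `ALLOWED_TABLES` are assumptions. It replaces the pattern the advisory describes (request values concatenated straight into the query) with an allowlist for "table" and a bound integer for "messageID".

```php
<?php
// Added example, not from edmoBBS: hardened lookup of one message by ID in a
// board table chosen by the request. Table and column names are assumptions.

declare(strict_types=1);

// Make mysqli throw on errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Identifiers cannot be bound as parameters, so the only safe way to let a
// request choose a board table is to compare it against known table names.
const ALLOWED_TABLES = ['board_general', 'board_support']; // assumed names

function validateTable(string $table): string
{
    // Strict comparison: exact match against the allowlist, nothing else.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('Unknown board table');
    }
    return $table;
}

// messageID is numeric data: reject anything that is not a positive integer
// before any SQL is built, then bind it as an integer parameter.
function validateMessageId(string $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('messageID must be a positive integer');
    }
    return $id;
}

function fetchMessage(mysqli $db, string $rawTable, string $rawId): ?array
{
    $table = validateTable($rawTable);   // identifier: allowlisted, then backtick-quoted
    $id    = validateMessageId($rawId);  // value: bound as a parameter, never interpolated

    $stmt = $db->prepare("SELECT messageID, subject, body FROM `{$table}` WHERE messageID = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Usage (connection details are placeholders):
// $db  = new mysqli('localhost', 'dbuser', 'dbpass', 'edmobbs');
// $msg = fetchMessage($db, $_GET['table'] ?? '', $_GET['messageID'] ?? '');
```

Rejecting bad input with an exception rather than "cleaning" it keeps the failure visible in the error log, which is also where a defender would look for probing of these two parameters.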

Copyright (c) 2006 Pridels Sec Crew