by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

ShockBoard SQL inj. vuln.

ShockBoard SQL inj. vuln.

Vuln. dicovered by : r0t
Date: 28 nov. 2005
Vendor:http://www.sourceshock.com/
affected version:v3.0 and v4.0 [develop. version]

Product Description:
An easy to setup and use message board written PHP with MySql on the backend. Features: Avatars; Smilies; Advanced profiles; moderators, supermoderators and administrators; Database cleanup function; Standard thingies like quotes, delete messages; Private forums; and more

Vuln. description:
Input passed to the "offset" parameter in "topic.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/topic.php?offset=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

1 Comments:

Anonymous Anonymous told...

thanx for spreading the word and certainly thanx for mailing me the problem!!!!!!!!!!!!

6:46 PM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew