DeluxeBB Missing Input Validation in 'cp.php' Lets Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1016384 |
|
SecurityTracker URL: http://securitytracker.com/id/1016384
|
|
CVE Reference:
CVE-2006-3304
(Links to External Site)
|
Updated: May 9 2009
|
Original Entry Date: Jun 26 2006
|
Impact:
Disclosure of system information, Disclosure of user information, User access via network
|
Exploit Included: Yes
|
Version(s): 1.07
|
Description:
A vulnerability was reported in DeluxeBB. A remote user can inject SQL commands.
The 'cp.php' script does not properly validate user-supplied input in the 'xmsn' and 'membercode' parameters. A remote user can supply a specially crafted parameter value to gain administrative privileges on the target application.
A demonstration exploit is available at:
http://www.milw0rm.com/exploits/1953
Hessam-x of the Iran Hackerz Security Team discovered this vulnerability.
|
Impact:
A remote user can execute SQL commands on the underlying database.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.deluxebb.com/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: 25 Jun 2006 18:19:51 -0000
Subject: DeluxeBB 1.07 Create admin Exploit
|
DeluxeBB 1.07 Create admin Exploit
----------------------------------------
+ Summary :
Name : DeluxeBB 1.07
Class : Remote
Risk : High
+ Description:
DeluxeBB (1.07) Have a high Security Bug in
user control panel (cp.php) .
this bug allows to users change access level
with inject qurry in update settings.
----------------------------------------
+ Exploit : www.milw0rm.com/exploits/1953
----------------------------------------
~ Discovered By Hessam-x
Iran Hackerz Security Team www.hackerz.ir
----------------------------------------
|
|
