[UNIX] Beehive Forum Software SQL Injection Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 4 Dec 2007 16:51:42 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
Beehive Forum Software SQL Injection Vulnerability
<http://www.beehiveforum.net/> Beehive Forum is "an open source web based
forum application written in PHP". A vulnerability exists in the Beehive
Forum software that could allow a remote user to execute SQL injection
attacks. These attacks could compromise sensitive data including usernames
and passwords for the Beehive application. Arbitrary data from other
applications hosted on the same server could also be compromised,
depending on the configuration of MySQL.
* Beehive Forum version 0.7.1
* Beehive Forum version 0.8
This vulnerability exists because of a failure in the application to
properly sanitize user input for the variable "t_dedupe". This variable is
accepted as input in the page "post.php". The value of this variable is
then included in an SQL statement which is executed with the PHP function
"@mysql_query". This function is specifically designed to mitigate the
effects of an SQL injection attack by not allowing multiple SQL statements
in one call. However, it is still possible to manipulate the SQL statement
through the "t_dedupe" variable to obtain arbitrary data from the
There is a security vulnerability in Beehive Forum that could allow for
user logon and password MD5 hash disclosure.
This vulnerability has been fixed in the latest release of the product,
Beehive Forum 0.8. It is recommend all users immediately obtain the newest
version of Beehive Forum to protect against this threat.
Project Beehive Forum is available for download from the project website
at <http://www.beehiveforum.net/> http://www.beehiveforum.net/
If there are any further questions about this statement, please contact a
member of the development team.
It is recommend all users immediately obtain the newest version of Beehive
Forum to protect against this threat. Project Beehive Forum is available
for download from the project website at <http://www.beehiveforum.net/>
The information has been provided by <mailto:robert_brown@xxxxxxxxxxxx>
Nick Bennett and Robert Brown.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Citrix NetScaler Web Management Cookie Weakness
- Next by Date: [UNIX] Sing Privileges Escalation
- Previous by thread: [NT] Citrix NetScaler Web Management Cookie Weakness
- Next by thread: [UNIX] Sing Privileges Escalation