Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability

---

• From: Bastian Ahrens <mail@xxxxxxxxx>
• Date: Tue, 26 Sep 2006 22:46:57 +0000

---

Hi again,

I had some time to research into this. I tested about ten boards with different versions from 2.3.3 to 2.3.5. On some this bug works on some it doesn't, independent of the version! On pages this doesn't work you will only get an empty thread without any posts as I told, otherwise you will get this typical "SQL-DATABASE ERROR" message. So just a small bug, nothing special and no really injection. But why does this work on some pages and others not? Maybe some PHP/MySQL restrictions?

Regards
Bastian Ahrens


Rickard Andersson wrote:

I had nothing to do with the initial report, but I did manage to
reproduce it. Just try to navigate to page -1 in any topic. For
example:

http://www.woltlab.de/en/forum/thread.php?threadid=2802&page=-1

Cheers,
Rickard


On 9/23/06, Bastian Ahrens <mail@xxxxxxxxx> wrote:

Hi,

I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I
just get a normal thread page but without any postings. Where is the
SQL "injection"? More infos would be great.

Greets
Bastian Ahrens


sn4k3.23@xxxxxxxxx wrote:
> Use it like this:
>
> http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1
>
> Ok, its kinda useless 'cause it's an "ORDER BY", but u can see:
>
> - the PHP Version
> - the MySQL version
> - the wBB Version (when it has been faked or removed)
>
> Greets,
>
> 666 - www.sr-crew.de.tt
>

---

• References:
  • Woltlab Burning Board 2.3.X SQL Injection Vulnerability
    • From: sn4k3 . 23
  • Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
    • From: Bastian Ahrens

• Prev by Date: Windows VML security update MS06-055 released
• Next by Date: ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
• Previous by thread: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
• Next by thread: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: FW: WordPress 2.0.1 Multiple Vulnerabilities ... Admin Panel> Options> Discussion: ... any HTML (or script) code that he/she want but without any " or ' ... HTML/script Injection using `name' or `website' variables, ... When I discovered this bug, I reported it to some pepople before ... (Bugtraq) WordPress 2.0.1 Multiple Vulnerabilities ... WordPress 2.0.1 & lower ones ... the admin. ... HTML/script Injection using `name' or `website' variables, ... When I discovered this bug, I reported it to some pepople before ... (Bugtraq) Re: WordPress 2.0.1 Multiple Vulnerabilities ... WordPress 2.0.1 & lower ones ... the admin. ... HTML/script Injection using `name' or `website' variables, ... When I discovered this bug, I reported it to some pepople before ... (Bugtraq) Re: WordPress 2.0.1 Multiple Vulnerabilities ... Here a critical bug is an arbitrary command execution, account ownage, etc ... script) code that he/she want but without any " or ' character, ... admin. ... injection, the `big' problem its that we cannot use " or ' chars ... (Bugtraq) Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability ... I can't confirm this "bug". ... I tested it with WBB 2.3.3 and 2.3.4 and I just get a normal thread page but without any postings. ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2006-09