| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051026140128.1722.qmail@securityfocus.com> Date: 26 Oct 2005 14:01:28 -0000 From: admin@...znet.com To: bugtraq@...urityfocus.com Subject: Woltlab Burning Board info_db.php multiple SQL injection ################################################################# # # Woltlab Burning Board info_db.php multiple SQL # injection # ################################################################# ->discovered by [R] Vendor: "Trooper" URL: www.wbbcoderforum.de Version: <= 2.7 Type: SQL-injection Description: ------------------------ Info-DB is a very powerful and popular download-module with many features. Information: ------------------------ Info-DB is prone to multiple SQL injection vulnerabilities. (It's possible to upload any files through info_db.php.) Bug: ------------------------ [1] /info_db.php?action=file&fileid=[SQL-Injection] [2] /info_db.php?action=file&fileid=59&subkatid=[SQL-injection] Both tested on 2.5. All other versions should be vulnerable, too. An exploit-code is available at rootbox.cx.la/batznet.com Patch: ------------------------ No Patch available. Greetz: ------------------------ greetz fly out to 2lm, Lux2, redice, triple6, darkkilla, EaTh // written by [R] // www.batznet.com
Powered by blists - more mailing lists