lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4519ADE1.3030304@b3cks.com>
Date: Tue, 26 Sep 2006 22:46:57 +0000
From: Bastian Ahrens <mail@...ks.com>
To: Rickard Andersson <rickard@...bb.org>, bugtraq@...urityfocus.com
Subject: Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability

Hi again,

I had some time to research into this. I tested about ten boards with 
different versions from 2.3.3 to 2.3.5. On some this bug works on some 
it doesn't, independent of the version! On pages this doesn't work you 
will only get an empty thread without any posts as I told, otherwise you 
will get this typical "SQL-DATABASE ERROR" message. So just a small bug, 
nothing special and no really injection. But why does this work on some 
pages and others not? Maybe some PHP/MySQL restrictions?

Regards
Bastian Ahrens


Rickard Andersson wrote:
> I had nothing to do with the initial report, but I did manage to
> reproduce it. Just try to navigate to page -1 in any topic. For
> example:
>
> http://www.woltlab.de/en/forum/thread.php?threadid=2802&page=-1
>
> Cheers,
> Rickard
>
>
> On 9/23/06, Bastian Ahrens <mail@...ks.com> wrote:
>> Hi,
>>
>> I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I
>> just get a normal thread page but without any postings.  Where is the
>> SQL "injection"? More infos would be great.
>>
>> Greets
>> Bastian Ahrens
>>
>>
>> sn4k3.23@...il.com wrote:
>> > Use it like this:
>> >
>> > http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1
>> >
>> > Ok, its kinda useless 'cause it's an "ORDER BY", but u can see:
>> >
>> > - the PHP Version
>> > - the MySQL version
>> > - the wBB Version (when it has been faked or removed)
>> >
>> > Greets,
>> >
>> > 666 - www.sr-crew.de.tt
>> >
>>
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ