From: n.teusink at planet.nl (n.teusink@...net.nl)
Subject: OpenBB 1.06 SQL Injection

Hello full-disclosure readers,

A vulnerability exists in OpenBB 1.06 that could allow an attacker to
manipulate SQL queries and obtain sensitive information from the
database such as the administrator md5 password hash. This
vulnerability exists because the index.php script of the application
does not sufficiently sanitize the input of the "CID" parameter.

As far as I know this vulnerability can only be exploited if the
database server the forum uses supports the UNION keyword, so it is
probably not exploitable with MySQL 3.x. I have successfully exploited
this issue when using MySQL 4 as the database server.

Impact
------

If the admin password is weak enough the attacker could crack it using
a brute force password cracker on the hash and get full control over
the forum.

Solution
--------

I have notified the OpenBB developers and they have very quickly (a
couple of hours, great work guys!) released a patched version. You can
also patch your forum manually as described in the OpenBB advisory:
http://forums.openbb.com/read.php?TID=445


Cheers,

Niels Teusink

http://www.teusink.net
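
Added example, not part of the original post and not OpenBB's code: the class of flaw described above (a numeric request parameter concatenated into a query) next to its hardened form, using Python and an in-memory SQLite database as a stand-in for PHP and MySQL. The schema, function names and sample values are all constructed for illustration.

```python
import sqlite3

# Constructed hostile value for the numeric parameter (test input only).
HOSTILE_CID = "0 UNION SELECT password_hash FROM users"

def make_db():
    """Build a constructed in-memory schema (hypothetical, not OpenBB's)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE categories (cid INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (name TEXT, password_hash TEXT);
        INSERT INTO categories VALUES (1, 'General');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def titles_unsafe(db, raw_cid):
    """'Before' form: the request value becomes part of the SQL text."""
    sql = "SELECT title FROM categories WHERE cid = " + raw_cid
    return [row[0] for row in db.execute(sql)]

def parse_cid(raw_cid):
    """Accept only a short run of ASCII digits; reject everything else."""
    ok = (isinstance(raw_cid, str) and raw_cid.isascii()
          and raw_cid.isdigit() and len(raw_cid) <= 9)
    if not ok:
        raise ValueError("CID must be a non-negative integer")
    return int(raw_cid)

def titles_safe(db, raw_cid):
    """Hardened form: validate the type, then bind it as a parameter."""
    cid = parse_cid(raw_cid)
    sql = "SELECT title FROM categories WHERE cid = ?"
    return [row[0] for row in db.execute(sql, (cid,))]

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal :", titles_unsafe(db, "1"))
    print("unsafe, hostile:", titles_unsafe(db, HOSTILE_CID))
    print("safe,   normal :", titles_safe(db, "1"))
    try:
        titles_safe(db, HOSTILE_CID)
    except ValueError as exc:
        print("safe,   hostile: rejected:", exc)
```

Either control alone (strict integer parsing or parameter binding) stops this input; applying both keeps the query safe if one of them is later removed.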

