| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: groovy2600 at yahoo.com.ar (gr00vy) Subject: OpenBB 1.06 SQL Injection Also there are XSS vuln and may be SQL injection (i did not test it): http://forums.openbb.com/board.php?FID=%3Cscript%3Ealert(document.cookie)%3C/script%3E On Fri, 2003-12-26 at 17:38, n.teusink@...net.nl wrote: > Hello full-disclosure readers, > > A vulnerability exists in OpenBB 1.06 that could allow an attacker to > manipulate SQL > queries and obtain sensitive information from the database such as > the administrator > md5 password hash. > This vulnerability exists because the index.php script of the > application does not > sufficiently sanitize the input of the "CID" parameter. > > As far as I know this vulnerability can only be exploited if the > database server the > forum uses supports the UNION keyword, so it is probably not > exploitable with > MySQL 3.x. I have succesfully exploited this issue when using > MySQL 4 as the > database server. > > Impact > ------ > > If the admin password is weak enough the attacker could crack it > using a brute force > password cracker on the hash and get full control over the forum. > > Solution > -------- > > I have notified the OpenBB developers and they have very quickly (a > couple of hours, > great work guys!) released a patched version. You can also patch > your forum > manually as described in the OpenBB advisory: > http://forums.openbb.com/read.php?TID=445 > > > Cheers, > > Niels Teusink > > http://www.teusink.net > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists