Full Disclosure mailing list archives
Re: OpenBB 1.06 SQL Injection
From: gr00vy <groovy2600 () yahoo com ar>
Date: 27 Dec 2003 03:21:16 -0300
Also there is an XSS vuln and maybe SQL injection (I did not test it):

http://forums.openbb.com/board.php?FID=%3Cscript%3Ealert(document.cookie)%3C/script%3E

On Fri, 2003-12-26 at 17:38, n.teusink () planet nl wrote:
Hello full-disclosure readers,

A vulnerability exists in OpenBB 1.06 that could allow an attacker to manipulate SQL queries and obtain sensitive information from the database such as the administrator md5 password hash. This vulnerability exists because the index.php script of the application does not sufficiently sanitize the input of the "CID" parameter.

As far as I know this vulnerability can only be exploited if the database server the forum uses supports the UNION keyword, so it is probably not exploitable with MySQL 3.x. I have successfully exploited this issue when using MySQL 4 as the database server.

Impact
------
If the admin password is weak enough the attacker could crack it using a brute force password cracker on the hash and get full control over the forum.

Solution
--------
I have notified the OpenBB developers and they have very quickly (a couple of hours, great work guys!) released a patched version. You can also patch your forum manually as described in the OpenBB advisory: http://forums.openbb.com/read.php?TID=445

Cheers,

Niels Teusink
http://www.teusink.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- OpenBB 1.06 SQL Injection n.teusink (Dec 26)
- Re: OpenBB 1.06 SQL Injection gr00vy (Dec 26)
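
A log check for the two reports in this thread (the unsanitized "CID" parameter of index.php and the script tag in "FID" of board.php), as an added example that is not part of either post or of OpenBB's code. It assumes that CID, FID and TID are integer-only IDs and that the web server writes a combined-format access log; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script/parameter pairs taken from the URLs in this thread. Treating each
# as an integer-only ID is an assumption of this example.
WATCHED = {"index.php": "CID", "board.php": "FID", "read.php": "TID"}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"]")
SQL_RE = re.compile(r"\b(?:union|select)\b|'|--", re.I)

def classify(value):
    """Return None for a plain integer ID, otherwise a short label."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    if MARKUP_RE.search(value):
        return "markup"
    if SQL_RE.search(value):
        return "sql"
    return "non-integer"

def scan(lines):
    """Return (line_no, script, param, decoded_value, label) per suspect request."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes, so encoded values are inspected in clear.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            label = classify(value) if name == param else None
            if label:
                findings.append((line_no, script, param, value, label))
    return findings

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2003:03:20:01 -0300] "GET /index.php?CID=2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [27/Dec/2003:03:20:09 -0300] "GET /index.php?CID=2+UNION+SELECT+1 HTTP/1.1" 200 5190',
    '192.0.2.12 - - [27/Dec/2003:03:21:16 -0300] "GET /board.php?FID=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4800',
    '192.0.2.13 - - [27/Dec/2003:03:22:40 -0300] "GET /read.php?TID=445 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, applied to the parameter before it reaches the query or the page, is the input check the advisory says index.php was missing.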