[38146] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Woltlab Burning Book addentry.php SQL Injection

daemon@ATHENA.MIT.EDU (Martin Heistermann)
Tue Jan 11 16:56:50 2005

Date: 10 Jan 2005 19:10:54 -0000
Message-ID: <20050110191054.19336.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Martin Heistermann <martin.heistermann@web.de>
To: bugtraq@securityfocus.com



Advisory Information
--------------------
Advisory name		:  Woltlab Burning Book addentry.php SQL Injection
Discovered by		:  drhankey / it-security23.net
Vendor Name		:  Woltlab
Vendor Homepage		:  http://www.woltlab.de
Software		:  Woltlab Burning Book Lite
Vulnerability Type	:  Cross-Site-Scripting
Vulnerable Versions	:  1.0 Gold, 1.1.1e, maybe more
Platforms		:  OS Independent, PHP


What is Woltlab Burning Book ?
----------------------------------
Woltlab Burning Board Lite is a free guestbook system.


Vulnerability Description:
-------------------------
When you post a message, addentry.php executes a SQL Query writing it in the db. The 

user-agent is also saved, but not filtered. So its possible to modify the SQL Query when you 

change your user-agent.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38146] in bugtraq

Woltlab Burning Book addentry.php SQL Injection

daemon@ATHENA.MIT.EDU (Martin Heistermann)Tue Jan 11 16:56:50 2005

daemon@ATHENA.MIT.EDU (Martin Heistermann)
Tue Jan 11 16:56:50 2005