[40893] in bugtraq
Woltlab Burning Board info_db.php multiple SQL injection
daemon@ATHENA.MIT.EDU (admin@batznet.com)
Wed Oct 26 12:42:12 2005
Date: 26 Oct 2005 14:01:28 -0000
Message-ID: <20051026140128.1722.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: admin@batznet.com
To: bugtraq@securityfocus.com
#################################################################
#
# Woltlab Burning Board info_db.php multiple SQL # injection
#
#################################################################
->discovered by [R]
Vendor: "Trooper"
URL: www.wbbcoderforum.de
Version: <= 2.7
Type: SQL-injection
Description:
------------------------
Info-DB is a very powerful and popular download-module with many features.
Information:
------------------------
Info-DB is prone to multiple SQL injection vulnerabilities.
(It's possible to upload any files through info_db.php.)
Bug:
------------------------
[1] /info_db.php?action=file&fileid=[SQL-Injection]
[2] /info_db.php?action=file&fileid=59&subkatid=[SQL-injection]
Both tested on 2.5.
All other versions should be vulnerable, too.
An exploit-code is available at rootbox.cx.la/batznet.com
Patch:
------------------------
No Patch available.
Greetz:
------------------------
greetz fly out to 2lm, Lux2, redice, triple6, darkkilla, EaTh
// written by [R]
// www.batznet.com
