BugTraq
Re: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability Sep 26 2006 10:46PM
Bastian Ahrens (mail b3cks com)
Hi again,

I had some time to research into this. I tested about ten boards with
different versions from 2.3.3 to 2.3.5. On some this bug works on some
it doesn't, independent of the version! On pages this doesn't work you
will only get an empty thread without any posts as I told, otherwise you
will get this typical "SQL-DATABASE ERROR" message. So just a small bug,
nothing special and no really injection. But why does this work on some
pages and others not? Maybe some PHP/MySQL restrictions?

Regards
Bastian Ahrens

Rickard Andersson wrote:
> I had nothing to do with the initial report, but I did manage to
> reproduce it. Just try to navigate to page -1 in any topic. For
> example:
>
> http://www.woltlab.de/en/forum/thread.php?threadid=2802&page=-1
>
> Cheers,
> Rickard
>
>
> On 9/23/06, Bastian Ahrens <mail (at) b3cks (dot) com [email concealed]> wrote:
>> Hi,
>>
>> I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I
>> just get a normal thread page but without any postings. Where is the
>> SQL "injection"? More infos would be great.
>>
>> Greets
>> Bastian Ahrens
>>
>>
>> sn4k3.23 (at) gmail (dot) com [email concealed] wrote:
>> > Use it like this:
>> >
>> > http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1
>> >
>> > Ok, its kinda useless 'cause it's an "ORDER BY", but u can see:
>> >
>> > - the PHP Version
>> > - the MySQL version
>> > - the wBB Version (when it has been faked or removed)
>> >
>> > Greets,
>> >
>> > 666 - www.sr-crew.de.tt
>> >
>>
>>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus