deepdark
11-15-2004, 12:50 PM
Input Validation Error in 'last.php' 3rd Party vBulletin Hack Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID: *removed*
SecurityTracker URL: *link removed*
CVE Reference: GENERIC-MAP-NOMATCH
Updated: Nov 12 2004
Original Entry Date: Nov 11 2004
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Description: An input validation vulnerability was reported in the 'last.php' hack for vBulletin. A remote user can inject SQL commands. The script is a 3rd party product and is not part of the vBulletin product.
Dr. Death reported that 'last.php' does not properly validate user-supplied input in the 'fsel' parameter. A remote user can submit a specially crafted HTTP request to inject SQL commands on the underlying database.
A demonstration exploit is provided:
*removed*
Impact: A remote user can execute SQL commands on the underlying database.
Solution: No solution was available at the time of this entry.
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: "Dr. Death" <drdeath4ever@hotmail.com>
Message History: None.
________________________________________________________________
Date: Thu, 11 Nov 2004 05:29:44 +0000
From: "Dr. Death" <drdeath4ever@hotmail.com>
Subject: SQL injection in vBulletin forums (last10.php)
hi all,
A new SQL injection was found in vBulletin Forums 3.0.x.
The vulnerability is found in last.php, the last 10 topics hack.
*removed*
To solve the problem, delete fsel? from ttlast.php and last10.php.
Best Regards,
Dr.Death
THE MAN OF THE DARK SIDE
NEWS LINK: *removed*
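The advisory says the script interpolates the 'fsel' (forum selection) parameter into a query without validation, and the reporter's workaround is to remove the parameter entirely. An alternative fix is to keep the parameter but only accept a list of numeric forum ids and bind them through a prepared statement. The following is an added example of that pattern; it is not code from the last.php hack or from vBulletin, and the function names, the `thread` table layout and the in-memory SQLite database (pdo_sqlite assumed) are constructed for illustration.

```php
<?php
// Added example, not code from the original last.php hack.
// A hypothetical "last 10 topics" query whose forum selection ("fsel")
// reaches the database only as validated integers bound by a prepared statement.

function parseForumSelection(?string $fsel, int $maxIds = 20): array
{
    // Reject anything that is not a comma-separated list of positive integers.
    if ($fsel === null || $fsel === '') {
        return [];              // no filter: topics from all forums
    }
    if (!preg_match('/^\d+(,\d+)*$/', $fsel)) {
        throw new InvalidArgumentException('fsel must be a comma-separated list of forum ids');
    }
    $ids = array_values(array_unique(array_map('intval', explode(',', $fsel))));
    if (count($ids) > $maxIds) {
        throw new InvalidArgumentException('too many forum ids');
    }
    return $ids;
}

function lastTopics(PDO $db, ?string $fsel, int $limit = 10): array
{
    $ids = parseForumSelection($fsel);
    $sql = 'SELECT threadid, forumid, title FROM thread';
    $params = [];
    if ($ids !== []) {
        // One placeholder per id; the values are bound, never concatenated.
        $placeholders = implode(',', array_fill(0, count($ids), '?'));
        $sql .= " WHERE forumid IN ($placeholders)";
        $params = $ids;
    }
    $sql .= ' ORDER BY lastpost DESC LIMIT ' . (int) $limit;
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so the example runs offline (table layout is hypothetical).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE thread (threadid INTEGER, forumid INTEGER, title TEXT, lastpost INTEGER)');
$db->exec("INSERT INTO thread VALUES (1, 2, 'Welcome', 100), (2, 3, 'Rules', 200), (3, 2, 'News', 300)");

print_r(lastTopics($db, '2'));      // the two threads from forum 2, newest first
try {
    lastTopics($db, '2;x');         // non-numeric value is rejected before any SQL is built
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

Because the id list is validated before the query is assembled, a rejected request can also be logged as a signal of probing, which the reporter's remove-the-parameter fix would not give.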