Two PHP Forums: SQL Injection Vulnerabilities and Test Methods

Source: Internet
Author: User

1. phpBB Remote Arbitrary SQL Injection Vulnerability

Affected Systems:

phpBB Group phpBB 2.0.9
phpBB Group phpBB 2.0.8
phpBB Group phpBB 2.0.7
phpBB Group phpBB 2.0.6 d
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.10
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0
Description:


--------------------------------------------------------------------------------

phpBB is a web forum application written in PHP. It supports multiple database systems and runs on multiple Unix and Linux operating systems.

phpBB does not properly filter user-submitted data. Remote attackers can exploit this vulnerability to launch SQL injection attacks, which may let them obtain sensitive information or change the database.

Because phpBB's URL decoding converts %2527 to %27 (a single quote) without escaping it, there is an SQL injection problem that can lead to execution of arbitrary database commands; sensitive information may be exposed or changed.

<* Source: Jessica Soules (admin@howdark.com)

Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110029415208724&w=2
*>
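The decoding-order problem described above, as an added example that is not phpBB's own code: it shows why escaping applied before a second URL decode misses %2527, the corrected ordering, and a check that flags request parameters hiding a quote behind two or more encoding layers. The `addslashes` function is a simplified stand-in for PHP's function of that name, and the function names and request paths are constructed for illustration.

```python
from urllib.parse import unquote, urlsplit

def addslashes(s: str) -> str:
    """Simplified stand-in for PHP's addslashes(): backslash-escape quotes."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def escape_then_decode(raw: str) -> str:
    """Flawed order: escaping runs before the application's extra decode."""
    once = unquote(raw)           # request layer decodes the query string
    escaped = addslashes(once)    # filter sees "%27", finds nothing to escape
    return unquote(escaped)       # second decode produces a bare quote

def decode_then_escape(raw: str) -> str:
    """Corrected order: escape only after the last decode has run."""
    return addslashes(unquote(unquote(raw)))

def hidden_quote_depth(raw: str, max_passes: int = 5) -> int:
    """Decode pass at which a quote first appears (0 = literal), -1 if never."""
    value = raw
    for depth in range(max_passes + 1):
        if "'" in value or '"' in value:
            return depth
        decoded = unquote(value)
        if decoded == value:      # fixed point reached, no quote hidden
            return -1
        value = decoded
    return -1

def flag_requests(paths, param="highlight"):
    """Paths whose raw `param` value hides a quote behind 2+ encoding layers."""
    hits = []
    for path in paths:
        for pair in urlsplit(path).query.split("&"):
            name, _, raw_value = pair.partition("=")
            if name == param and hidden_quote_depth(raw_value) >= 2:
                hits.append(path)
                break
    return hits

# Constructed request paths for illustration (not from a real log).
SAMPLE_PATHS = [
    "/viewtopic.php?t=1&highlight=php",
    "/viewtopic.php?t=7&highlight=o%27reilly",
    "/viewtopic.php?t=1&highlight=%2527",
]
```

A singly encoded quote such as `o%27reilly` is ordinary input and is not flagged; only values that need a second decode pass to reveal the quote are reported.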

Test method:


--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!

Jessica Soules (admin@howdark.com) provides the following test method:

Submit a request similar to the following:

viewtopic.php?t=1&highlight=%2527

The following error message is displayed:

Parse error: parse error, unexpected T_STRING in viewtopic.php(1109) : regexp code on line 1

Fatal error: Failed evaluating code: preg_replace (# () # I, 1,> POST TEXT HERE <) in viewtopic.php on line 1109

Suggestion:


--------------------------------------------------------------------------------

Vendor patch:

phpBB Group
-----------
Currently, the vendor does not provide a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:

http://www.phpbb.com/


2. phpBT bug.php SQL Injection Vulnerability

Affected Systems:

PhpBugTracker 0.9.1
Description:


--------------------------------------------------------------------------------

PhpBugTracker (phpBT) is a PHP-based bug tracking system.

The bug.php script in PhpBugTracker does not properly filter URL data submitted by users. Remote attackers can exploit this vulnerability to obtain sensitive information or change the database.

bug.php does not properly filter the data that the user submits in the bugid parameter. Submitting data that contains malicious SQL commands or malicious HTML code as the parameter value can change the original database query logic, allowing an attacker to obtain sensitive information or change the database.

In addition, bug.php does not fully filter the project variable, which is affected by a vulnerability similar to the one described above.

<* Source: Jessica Soules (admin@howdark.com)

Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110029315521568&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=110037408101974&w=2
*>
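The unfiltered bugid parameter described above, shown as a string-built query beside a hardened form that validates the id and binds it as a parameter. This is an added example, not PhpBugTracker's code; the in-memory SQLite schema, the function names and the sample input are constructed for illustration. The same `parse_id` check applies to the project variable.

```python
import sqlite3

def make_db():
    """Constructed in-memory tables standing in for the tracker's schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE votes (bug_id INTEGER, voter TEXT, weight INTEGER);
        CREATE TABLE users (user_id INTEGER, user_password TEXT);
        INSERT INTO votes VALUES (1, 'alice', 1);
        INSERT INTO users VALUES (2, 'constructed-hash-value');
    """)
    return db

def view_votes_vulnerable(db, bugid: str):
    """Before: the raw parameter becomes part of the statement text."""
    sql = "SELECT bug_id, voter, weight FROM votes WHERE bug_id = " + bugid
    return db.execute(sql).fetchall()

def parse_id(value: str) -> int:
    """Accept only a short run of ASCII digits; reject everything else."""
    if not (value.isascii() and value.isdigit() and len(value) <= 10):
        raise ValueError("id must be a decimal integer")
    return int(value)

def view_votes_hardened(db, bugid: str):
    """After: validate the type, then bind the value as a parameter."""
    sql = "SELECT bug_id, voter, weight FROM votes WHERE bug_id = ?"
    return db.execute(sql, (parse_id(bugid),)).fetchall()

# Constructed input modelled on the advisory's bugid test string.
UNION_INPUT = "1 UNION SELECT 1, user_password, 3 FROM users WHERE user_id = 2"

def compare(bugid: str):
    """Return (vulnerable_rows, hardened_rows or the rejection message)."""
    db = make_db()
    loose = view_votes_vulnerable(db, bugid)
    try:
        strict = view_votes_hardened(db, bugid)
    except ValueError as exc:
        strict = str(exc)
    return loose, strict
```

With the constructed input, the string-built query returns a row from the users table alongside the vote row, while the hardened function rejects the value before any SQL runs.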

Test method:


--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!

Jessica Soules (admin@howdark.com) provides the following test methods:

http://www.phpbb.com/bugs/bug.php?op=viewvotes&bugid=1 union select 1, user_password, 3 where user_id = 2 /*

bug.php?op=add&project=0%20union%20select%201

Suggestion:


--------------------------------------------------------------------------------

Vendor patch:

PhpBugTracker
-------------
Currently, the vendor does not provide a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:

http://phpbt.sourceforge.net/

 

 
