[VIM] Minor nit - Unclassified NewsBoard SQL injection

Steven M. Christey coley at mitre.org
Fri Nov 25 16:46:32 EST 2005


VDBs are describing the Unclassified NewsBoard SQL injection issue
from a few days ago by saying that the DateFrom parameter is
affected.  They seem to have missed DateUntil:

1) In the title of rgod's advisory :) it says:

     Unclassified NewsBoard 1.5.3 patch level 3 "DateFrom" &
     "DateUntil" blind SQL injection

2) Then:

     vulnerable code near lines 393-454 in search.inc.php: "DateFrom"
     and "DateUntil" arguments are not properly sanitized before to be
     passed to a query

3) Then:

     http://[target]/[path]/forum.php?req=search&Query=suntzu&ResultView=2&Sort=2&DateFrom=[SQL]&DateUntil=[SQL]&Forum=0


The bulk of the advisory concentrates on "DateFrom", so that must be
what happened.  Not that people would just derive their descriptions
from someone else's analysis... oh no, that NEVER happens ;-)

- Steve


======================================================
Name: CVE-2005-3686
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3686
Reference: MISC:http://rgod.altervista.org/unb153pl3_xpl.html
Reference: MISC:http://packetstormsecurity.org/0511-exploits/unb153pl3_xpl.html
Reference: BID:15466
Reference: URL:http://www.securityfocus.com/bid/15466
Reference: FRSIRT:ADV-2005-2487
Reference: URL:http://www.frsirt.com/english/advisories/2005/2487
Reference: OSVDB:20951
Reference: URL:http://www.osvdb.org/20951
Reference: SECUNIA:17614
Reference: URL:http://secunia.com/advisories/17614

SQL injection vulnerability in search.inc.php in Unclassified
NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute
arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter
to forum.php.



