Vendor: Bulletin Board System
By: SecurityFocus
CVSS: 8.8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Bulletin Board System
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002

WoltLab SQL Injection

WoltLab is prone to SQL injection attacks due to insufficient sanitization of parameters handled by the board.php script. It is possible to exploit this condition to gain administrative privileges within the bulletin board system by supplying malicious parameters in a web request.

Mitigation:

Sanitize all user-supplied input to prevent SQL injection attacks.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5675/info

WoltLab is prone to SQL injection attacks. This is due to insufficient sanitization of parameters handled by the board.php script, which may be supplied externally via the query string in a web request.

The logic of a SQL query made by the script may be modified, resulting in the potential for database corruption. It has been demonstrated that it is possible to exploit this condition to gain administrative privileges within the bulletin board system. 

board.php?boardid=[boardid]%27,%20userid=%27[victim's userid, 1 is usually an admin]&sid=[attacker's session-id]
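
The following is an added example, not code from WoltLab or from the original advisory. It models in Python with SQLite why the request above changes the session's user and how input validation plus bound parameters stop it. The sessions table, its column names and the shape of the UPDATE statement are assumptions inferred from the request string.

```python
import re
import sqlite3

def make_db():
    # Constructed schema: table and column names are assumptions, not WoltLab's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions "
               "(sid TEXT PRIMARY KEY, userid INTEGER, boardid INTEGER)")
    db.execute("INSERT INTO sessions VALUES ('sess-guest', 42, 0)")
    return db

def session_row(db, sid):
    # Returns (userid, boardid) for the given session.
    return db.execute("SELECT userid, boardid FROM sessions WHERE sid = ?",
                      (sid,)).fetchone()

def track_board_vulnerable(db, boardid, sid):
    # 'Before': request values are pasted into the statement text, so a quote
    # in boardid ends the string literal and the rest is parsed as SQL.
    db.execute(f"UPDATE sessions SET boardid='{boardid}' WHERE sid='{sid}'")

def track_board_hardened(db, boardid, sid):
    # boardid is a numeric key, so reject anything that is not plain digits.
    if not re.fullmatch(r"[0-9]{1,10}", boardid):
        raise ValueError("boardid must be numeric")
    # Bind both values so they are always data, never SQL syntax.
    db.execute("UPDATE sessions SET boardid = ? WHERE sid = ?",
               (int(boardid), sid))

def demo():
    # URL-decoded form of the boardid value from the request above
    # (%27 is a single quote, %20 a space); the ids are constructed.
    crafted = "5', userid='1"
    results = {}
    db = make_db()
    track_board_vulnerable(db, crafted, "sess-guest")
    results["vulnerable"] = session_row(db, "sess-guest")[0]
    db = make_db()
    try:
        track_board_hardened(db, crafted, "sess-guest")
    except ValueError:
        pass  # request rejected before any SQL is executed
    results["hardened"] = session_row(db, "sess-guest")[0]
    return results

if __name__ == "__main__":
    print(demo())
```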