Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Woltab Burning Board SQL Injection usergroups.php
From: Bastian Ahrens <mail () b3cks com>
Date: Thu, 15 Mar 2007 23:29:50 +0100

Hi out there,

seems to be quite the same exploit as the one appeared in middle January 
which isn't very public and was marked as "private". The exploit code is 
nearly the same such as the bug.

For a quick fix change the following line

if (is_array($_POST['applicationids'])) while (list($applicationid, $val) = each($_POST['applicationids'])) if ($val == 
1) $deleteids[] = $applicationid;

to this

if (is_array(intval($_POST['applicationids']))) while (list($applicationid, $val) = each($_POST['applicationids'])) if 
($val == 1) $deleteids[] = $applicationid;


Greets
/ba

PS: I just got informed that it's the same crew discovered this bug as 
the last time.
 


x666 () Safe-mail net wrote:
Hi,

A new SQL Injection in the wbb2.x

[CODE]

[...]

[/CODE]



[EXPLOIT]

[...]

[/EXPLOIT]

Greets,
666

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]