SQL Injection Vulnerability in CyBoards PHP Lite
Summary
- Vulnerability
- SQL Injection Vulnerability in CyBoards PHP Lite
- Discovered
- 2006.03.03
- Last Update
- 2006.03.14 CVE entry added
- ID
- EV0091
- CVE
- CVE-2006-1134
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched. No reply from developer(s)
- Vendor
- n/a
- Vulnerable Software
- CyBoards PHP Lite (http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script)
- Version
- 1.25
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in CyBoards PHP Lite (http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script) script.
Vulnerable script: post.php
Variable $parent isn't properly sanitized before being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/Exploit
SQL Injection Example:
http://[host]/post.php?board=1&reply=999'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19/*
Solution.
Solution for "SQL Injection Vulnerability in CyBoards PHP Lite" is not available. Check vendor's website for updates.