Vulnerabilities > CVE-2004-1622 - Unspecified vulnerability in Ubbcentral Ubb.Threads 3.4/3.5

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ubbcentral
nessus
exploit available
NVD
Published: 2004-10-21
Updated: 2024-11-20

Summary

SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.

Vulnerable Configurations

Part Description Count
Application
Ubbcentral
2

Exploit-Db

descriptionUBBCentral UBB.threads 3.4/3.5 Dosearch.PHP SQL Injection Vulnerability. CVE-2004-1622. Webapps exploit for php platform
idEDB-ID:24698
last seen2016-02-02
modified2004-10-21
published2004-10-21
reporterFlorian Rock
sourcehttps://www.exploit-db.com/download/24698/
titleUBBCentral UBB.threads 3.4/3.5 - DoSearch.PHP SQL Injection Vulnerability

Nessus

NASL familyCGI abuses
NASL idUBBTHREADS_SQL_INJECTION.NASL
descriptionThere is a SQL injection issue in the remote version of UBB.threads that may allow an attacker to execute arbitrary SQL statements on the remote host and potentially overwrite arbitrary files there by sending a malformed value to the
last seen2020-06-01
modified2020-06-02
plugin id15561
published2004-10-25
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15561
titleUBB.threads dosearch.php SQL injection
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(15561);
 script_version("1.16");
 script_cvs_date("Date: 2018/08/01 17:36:12");

 script_cve_id("CVE-2004-1622");
 script_bugtraq_id(11502);

 script_name(english:"UBB.threads dosearch.php SQL injection");
 script_summary(english:"SQL Injection in UBB.threads");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is prone to SQL
injection attacks." );
 script_set_attribute(attribute:"description", value:
"There is a SQL injection issue in the remote version of UBB.threads
that may allow an attacker to execute arbitrary SQL statements on the
remote host and potentially overwrite arbitrary files there by sending
a malformed value to the 'Name' argument of the file 'dosearch.php'." );
 script_set_attribute(attribute:"see_also", value:"http://marc.info/?l=bugtraq&m=109839925207038&w=2" );
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/10/21");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_ATTACK);
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");

 script_dependencies("ubbthreads_detect.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_ports("Services/www", 80);
 script_require_keys("www/ubbthreads");
 exit(0);
}

# Check starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, php:TRUE);


# Test an install.
install = get_kb_item(string("www/", port, "/ubbthreads"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches))
{
 dir = matches[2];
 r = http_send_recv3(method:"GET", port:port, item: dir + "/dosearch.php?Name=42'", exit_on_fail:TRUE);
 res = r[2];
 if ( "mysql_fetch_array()" >< res )
 {
   security_hole(port);
   set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
 }
}

References