Also there is an XSS vuln and maybe SQL injection (I did not test it): http://forums.openbb.com/board.php?FID=%3Cscript%3Ealert(document.cookie)%3C/script%3E

On Fri, 2003-12-26 at 17:38, [EMAIL PROTECTED] wrote:
> Hello full-disclosure readers,
>
> A vulnerability exists in OpenBB 1.06 that could allow an attacker to
> manipulate SQL queries and obtain sensitive information from the
> database such as the administrator md5 password hash.
> This vulnerability exists because the index.php script of the
> application does not sufficiently sanitize the input of the "CID"
> parameter.
>
> As far as I know this vulnerability can only be exploited if the
> database server the forum uses supports the UNION keyword, so it is
> probably not exploitable with MySQL 3.x. I have successfully exploited
> this issue when using MySQL 4 as the database server.
>
> Impact
> ------
>
> If the admin password is weak enough the attacker could crack it
> using a brute force password cracker on the hash and get full control
> over the forum.
>
> Solution
> --------
>
> I have notified the OpenBB developers and they have very quickly (a
> couple of hours, great work guys!) released a patched version. You can
> also patch your forum manually as described in the OpenBB advisory:
> http://forums.openbb.com/read.php?TID=445
>
>
> Cheers,
>
> Niels Teusink
>
> http://www.teusink.net
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
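
One way to handle numeric request parameters such as CID and FID so that neither report above applies, as an added example that is not OpenBB's code or the patch from its advisory: the ID is validated as an integer, the query uses a bound parameter, and anything echoed back is HTML-encoded. The `categories` table, its columns and the function names are assumptions made for illustration.

```php
<?php
// Added example: not OpenBB code. Table, column and function names are hypothetical.

/** Return a positive integer ID, or null if the raw parameter is anything else. */
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;                    // arrays such as ?CID[]=1 are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up a category by ID with a bound parameter instead of string concatenation. */
function fetch_category(PDO $db, int $cid): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM categories WHERE id = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Encode a value for an HTML text or attribute context before echoing it. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO categories VALUES (1, 'General')");

// Constructed inputs: a valid ID, an ID with trailing SQL, and the FID value from the URL above.
$samples = ['1', '1 UNION SELECT 1, 2', '<script>alert(document.cookie)</script>'];
foreach ($samples as $raw) {
    $cid = parse_id($raw);
    if ($cid === null) {
        echo 'rejected: ', h($raw), PHP_EOL;   // encoded, never reflected raw
        continue;
    }
    $row = fetch_category($db, $cid);
    echo 'category: ', h($row['title'] ?? 'not found'), PHP_EOL;
}
```

Validation and output encoding are both kept on purpose: the integer check stops non-numeric input before it reaches the query, and the encoding covers any value that is still written back into a page.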
