[Full-disclosure] Woltab Burning Board SQL Injection usergroups.php
Bastian Ahrens
mail at b3cks.com
Thu Mar 15 22:29:50 GMT 2007
Hi out there,
seems to be quite the same exploit as the one appeared in middle January
which isn't very public and was marked as "private". The exploit code is
nearly the same such as the bug.
For a quick fix change the following line
if (is_array($_POST['applicationids'])) while (list($applicationid, $val) = each($_POST['applicationids'])) if ($val == 1) $deleteids[] = $applicationid;
to this
if (is_array(intval($_POST['applicationids']))) while (list($applicationid, $val) = each($_POST['applicationids'])) if ($val == 1) $deleteids[] = $applicationid;
Greets
/ba
PS: I just got informed that it's the same crew discovered this bug as
the last time.
x666 at Safe-mail.net wrote:
> Hi,
>
> A new SQL Injection in the wbb2.x
>
> [CODE]
>
> [...]
>
> [/CODE]
>
>
>
> [EXPLOIT]
>
> [...]
>
> [/EXPLOIT]
>
> Greets,
> 666
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Full-Disclosure is hosted and sponsored by Secunia.