PunBB Search.PHP SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109139 漏洞类型 SQL注入
发布时间 2005-10-15 更新时间 2005-11-08
CVE编号 CVE-2005-3518 CNNVD-ID CNNVD-200511-139
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/26350
https://cxsecurity.com/issue/WLB-2005100043
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200511-139
|漏洞详情
PunBB是一个快速,轻量级PHP论坛系统。PunBB1.2.7和1.2.8的search.php中的SQL注入漏洞,可让远程攻击者通过old_searches参数执行任意SQL命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/15114/info

PunBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/search.php?action=search&keywords=&author=d3vilbox&forum=-1&search_in=all&sort_by=0&sort_dir=DESC&show_as=topics&search=Submit&old_searches[]=[sql-injection]
|参考资料

来源:XF
名称:punbb-oldsearches-sql-injection(22760)
链接:http://xforce.iss.net/xforce/xfdb/22760
来源:BID
名称:15114
链接:http://www.securityfocus.net/bid/15114/
来源:SECUNIA
名称:17227
链接:http://secunia.com/advisories/17227/
来源:www.punbb.org
链接:http://www.punbb.org/changelogs/1.2.8_to_1.2.9.txt
来源:MISC
链接:http://www.kapda.ir/advisory-91.html
来源:BUGTRAQ
名称:20051014[KAPDA::#6]PunbbSQLInjectionVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=112939699128430&w=2
来源:OSVDB
名称:20018
链接:http://www.osvdb.org/20018
来源:SREASON
名称:87
链接:http://securityreason.com/securityalert/87