发布时间 :2004-12-31 00:00:00
修订时间 :2016-10-17 22:43:51

[原文]Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta.


        XMB 1.8 Final SP2版本存在多个SQL注入漏洞。远程攻击者可以借助(1)viewthread.php的ppp参数,(2)misc.php的desc参数,(3)forumdisplay.php的tpp参数,(4)forumdisplay.php的ascdesc参数,或(5)stats.php的addon参数注入任意SQL以及提升特权。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2
(UNKNOWN)  BUGTRAQ  20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]
(UNKNOWN)  BUGTRAQ  20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2
(PATCH)  BID  9726
(PATCH)  XF  xmb-multiple-sql-injection(15295)

- 漏洞信息

高危 SQL注入
2004-12-31 00:00:00 2006-06-15 00:00:00
        XMB 1.8 Final SP2版本存在多个SQL注入漏洞。远程攻击者可以借助(1)viewthread.php的ppp参数,(2)misc.php的desc参数,(3)forumdisplay.php的tpp参数,(4)forumdisplay.php的ascdesc参数,或(5)stats.php的addon参数注入任意SQL以及提升特权。

- 公告与补丁

        The vendor has released XMB 1.8 SP3 to address these issues.
        XMB Forum 1.8
        XMB Forum 1.8 SP2
        XMB Forum 1.8 SP1

- 漏洞信息 (23748)

XMB Forum 1.8 forumdisplay.php Multiple Parameter SQL Injection (EDBID:23748)
php webapps
2004-02-23 Verified
0 Janek Vind
N/A [点击下载]
XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user or to have malicious SQL queries executed in the underlying database.		

- 漏洞信息

XMB viewthread.php ppp Parameter SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity Upgrade
Exploit Public

- 漏洞描述

Extreme Messageboard aka XMB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "ppp" variable in the viewthread.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

- 时间线

2004-02-24 Unknow
2004-02-24 Unknow

- 解决方案

Upgrade to version 1.8 SP3 or 1.9 Nexus BETA or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者