[原文]SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.
XMB Forum member.php restrict Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
XMB Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the restrict variable in the member.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
Upgrade to version 1.9.1 Final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Discovery of these issues is credited to Janek Vind <firstname.lastname@example.org>.
XMB Forum 1.9 beta
XMB Forum 1.8 SP3
XMB Forum 1.9.10
XMB Forum 1.9.10
Multiple vulnerabilities have been reported in XMB Forum. The specific issues include an information-disclosure issue and multiple cross-site scripting and SQL-injection issues.
Attackers can exploit these issues to steal cookie-based authentication credentials, modify SQL query logic and structure, and obtain sensitive information about the underlying environment. Cumulatively, these issues could allow remote attackers to hijack accounts, compromise the forum, mount attacks on the database, and launch further attacks against system resources.
Note that these issues appear to have been introduced across different versions of the software.
An exploit is not required.
Multiple proof-of-concept examples have been included in Janek Vind's [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta] Bugtraq post.
A vendor update is available. Contact the vendor for more information.