CVE-2006-2915
CVSS 5.1
Published: 2006-06-23 16:06:00
Last revised: 2011-03-07 21:37:17

[Original] Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.


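[CNNVD] DeluxeBB Multiple SQL Injection Vulnerabilities (CNNVD-200606-464)

DeluxeBB 1.06 contains multiple SQL injection vulnerabilities. Remote attackers can execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.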

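- CVSS (Base Score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]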

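- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links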

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2915
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2915
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-464
(Official data source) CNNVD

- Other Links and Resources

http://www.vupen.com/english/advisories/2006/2347
(UNKNOWN)  VUPEN  ADV-2006-2347
http://www.securityfocus.com/bid/18453
(UNKNOWN)  BID  18453
http://www.securityfocus.com/archive/1/archive/1/437228/100/100/threaded
(UNKNOWN)  BUGTRAQ  20060614 Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities
http://securitytracker.com/id?1016309
(UNKNOWN)  SECTRACK  1016309
http://secunia.com/secunia_research/2006-44/advisory
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2006-44/advisory
http://secunia.com/advisories/20152
(VENDOR_ADVISORY)  SECUNIA  20152
http://xforce.iss.net/xforce/xfdb/27091
(UNKNOWN)  XF  deluxebb-accountreg-sql-injection(27091)
http://www.securityfocus.com/archive/1/archive/1/438597/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060628 Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities
http://www.osvdb.org/26457
(UNKNOWN)  OSVDB  26457
http://securityreason.com/securityalert/1134
(UNKNOWN)  SREASON  1134

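- Vulnerability Information

DeluxeBB Multiple SQL Injection Vulnerabilities
Medium risk  SQL injection
2006-06-23 00:00:00 2006-06-26 00:00:00
Remote
DeluxeBB 1.06 contains multiple SQL injection vulnerabilities. Remote attackers can execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.

- Advisories and Patches

No data available

- Vulnerability Information (F47543)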

secunia-deluxebb.txt (PacketStormID:F47543)
2006-06-21 00:00:00
Andreas Sandblad  secunia.com
exploit,vulnerability,sql injection
CVE-2006-2914,CVE-2006-2915

Secunia Research has discovered some vulnerabilities in DeluxeBB version 1.06, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.

======================================================================

                     Secunia Research 14/06/2006

    - DeluxeBB SQL Injection and File Inclusion Vulnerabilities -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

DeluxeBB 1.06

Other versions may also be affected.

Product link:
http://www.deluxebb.com/

======================================================================
2) Severity

Rating: Highly critical
Impact: System access, manipulation of data
Where:  From remote

======================================================================
3) Description of Vulnerabilities

Secunia Research has discovered some vulnerabilities in DeluxeBB, 
which can be exploited by malicious people to conduct SQL injection 
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts 
isn't properly verified, before it is used to include files. This can 
be exploited to include arbitrary files from external and local 
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]

Successful exploitation requires that "register_globals" is enabled.

2) Input passed to the "hideemail", "languagex", "xthetimeoffset", 
and "xthetimeformat" parameters when registering for an account 
isn't properly sanitised before being used in a SQL query. This can 
be exploited to manipulate SQL queries by injecting arbitrary SQL 
code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerabilities have been confirmed in version 1.06. Other 
versions may also be affected.

======================================================================
4) Solution

Edit the source code to ensure that input is properly sanitised and 
verified.

======================================================================
5) Time Table

26/05/2006 - Initial vendor notification.
14/06/2006 - Public disclosure.

======================================================================
6) Credits

Discovered by Andreas Sandblad, Secunia Research.

======================================================================
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2006-2914 (file inclusion) and CVE-2006-2915 (SQL injection) 
for the vulnerabilities.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-44/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

    

- Vulnerability Information

26457
DeluxeBB Account Registration Multiple Field SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity

- Vulnerability Description

DeluxeBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the account registration scripts not properly sanitizing user-supplied input to the 'hideemail', 'languagex', 'xthetimeoffset', and 'xthetimeformat' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

- Timeline

2006-06-14 2006-05-26
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related References

- Vulnerability Author

- Vulnerability Information

DeluxeBB Multiple SQL Injection Vulnerabilities
Input Validation Error 18453
Yes No
2006-06-15 12:00:00 2006-06-28 07:00:00
Andreas Sandblad of Secunia Research is credited with the discovery of these vulnerabilities.

- Affected Program Versions

DeluxeBB DeluxeBB 1.06

- Vulnerability Discussion

DeluxeBB is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied cookie data before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

DeluxeBB version 1.06 is vulnerable to this issue; other versions may also be affected.

- Exploit

These issues can be exploited through a web client.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related References

 

 
