OpenBB 1.0/1.1 - 'index.php' SQL Injection

EDB-ID:

22517

CVE:





Platform:

PHP

Date:

2003-04-22


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/7401/info

It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation. 

http://www.example.com/index.php?CID=1%20<something>

where <something> represents a SQL query.