Exploit

EDB-ID: 25903	Author: James Bercegay	Published: 2005-06-24
CVE: CVE-2005-2058	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: N/A
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/14052/info
      
UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
      
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

http://www.example.com/ubbt/grabnext.php?Cat=4&Board=UBB23&mode=showflat&sticky=0&dir=old&posted=1045942715[SQL]

Related Exploits

Trying to match CVEs (1): CVE-2005-2058
Trying to match OSVDBs (1): 17532
Other Possible E-DB Search Terms: UBBCentral UBB.Threads 5.5.1/6.x, UBBCentral UBB.Threads 5.5.1, UBBCentral UBB.Threads

Date	Title	Author
2009-03-16	UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection	s4squatch
2005-03-11	UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL Injection	ADZ Securit...
2009-12-30	UBBCentral UBB.Threads 6.0 - Remote File Inclusion	indoushka
2004-11-15	UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit	RusH
2004-10-21	UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection	Florian Rock
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection	James Bercegay
2006-05-28	UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion	nukedx
2005-03-11	UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection	HLL
2007-04-09	UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection	John Martin...
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2006-01-29	UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection	k-otik
2006-05-22	UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion	V4mu
2006-09-29	UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution	HACKERS PAL
2008-09-02	UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection	James Bercegay
2009-12-04	UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusion	R3VAN_BASTARD
2012-01-04	UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting	sonyy
2005-06-25	UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection	mh_p0rtal

UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection

Related Exploits