Exploit Database - Logo

UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL Injection

EDB-ID: 25903 Author: GulfTech Security Published: 2005-06-24
CVE: CVE-2005-2058 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/14052/info
      
UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
      
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

http://www.example.com/ubbt/grabnext.php?Cat=4&Board=UBB23&mode=showflat&sticky=0&dir=old&posted=1045942715[SQL]
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2005-2058
Trying to match OSVDBs (1): 17532
Other Possible E-DB Search Terms: UBBCentral UBB.Threads 5.5.1/6.x,  UBBCentral UBB.Threads 5.5.1,  UBBCentral UBB.Threads
Date D V Title Author
2009-03-16 Verified UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injections4squatch
2005-03-11 Verified UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL InjectionADZ Securit...
2009-12-30 Waiting verification UBBCentral UBB.Threads 6.0 - Remote File Inclusionindoushka
2004-11-15 Verified UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute ForceRusH
2004-10-21 Verified UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL InjectionFlorian Rock
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL InjectionsGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL InjectionGulfTech Se...
2006-05-28 Verified UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusionsnukedx
2005-03-11 Verified UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL InjectionHLL
2007-04-09 Verified UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL InjectionJohn Martin...
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scriptingdw. & ms.
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php?Cat' Cross-Site Scriptingdw. & ms.
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php?Cat' Cross-Site Scriptingdw. & ms.
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php?Cat' Cross-Site Scriptingdw. & ms.
2006-01-29 Verified UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injectionk-otik
2006-05-22 Verified UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File InclusionV4mu
2006-09-29 Verified UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code ExecutionHACKERS PAL
2008-09-02 Verified UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL InjectionGulfTech Se...
2009-12-04 Waiting verification UBBCentral UBB.Threads 7.5.4 2 - Multiple File InclusionsR3VAN_BASTARD
2012-01-04 Verified UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scriptingsonyy
2005-06-25 Verified UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injectionmh_p0rtal
Menu