Exploit

EDB-ID: 27164	Author: k-otik	Published: 2006-01-29
CVE: CVE-2006-0545	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: Vulnerability
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/16520/info

UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue is reported to affect UBB.Threads version 6.3; other versions may also be vulnerable. 

http://www.example.com/showflat.php?Cat=&Number=19229%20UNION%20SELECT%201,2%20/*&page=0&view=collapsed&sb=5&o=&fpart=1

Related Exploits

Trying to match CVEs (1): CVE-2006-0545
Trying to match OSVDBs (1): 22808
Other Possible E-DB Search Terms: UBBCentral UBB.Threads 6.3, UBBCentral UBB.Threads

Date	Title	Author
2009-03-16	UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection	s4squatch
2005-03-11	UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL Injection	ADZ Securit...
2009-12-30	UBBCentral UBB.Threads 6.0 - Remote File Inclusion	indoushka
2004-11-15	UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit	RusH
2004-10-21	UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection	Florian Rock
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php' 'main' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'download.php' 'Number' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php' 'posted' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php' 'Number' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php' 'Number' Parameter SQL Injection	James Bercegay
2005-06-24	UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php' 'message' Parameter SQL Injection	James Bercegay
2006-05-28	UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusion	nukedx
2005-03-11	UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL Injection	HLL
2007-04-09	UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection	John Martin...
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2004-12-13	UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php' 'Cat' Parameter Cross-Site Scripting	dw. and ms.
2006-05-22	UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion	V4mu
2006-09-29	UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution	HACKERS PAL
2008-09-02	UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection	James Bercegay
2009-12-04	UBBCentral UBB.Threads 7.5.4 2 - Multiple File Inclusion	R3VAN_BASTARD
2012-01-04	UBBCentral UBB.Threads 7.5.6 - 'Username' Field Cross-Site Scripting	sonyy
2005-06-25	UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injection	mh_p0rtal

UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection

Related Exploits