Exploit Database - Logo

UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection

EDB-ID: 27164 Author: k-otik Published: 2006-01-29
CVE: CVE-2006-0545 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/16520/info

UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue is reported to affect UBB.Threads version 6.3; other versions may also be vulnerable. 

http://www.example.com/showflat.php?Cat=&Number=19229%20UNION%20SELECT%201,2%20/*&page=0&view=collapsed&sb=5&o=&fpart=1
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2006-0545
Trying to match OSVDBs (1): 22808
Other Possible E-DB Search Terms: UBBCentral UBB.Threads 6.3,  UBBCentral UBB.Threads
Date D V Title Author
2009-03-16 Verified UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injections4squatch
2005-03-11 Verified UBBCentral UBB.Threads 6.0 - 'editpost.php' SQL InjectionADZ Securit...
2009-12-30 Waiting verification UBBCentral UBB.Threads 6.0 - Remote File Inclusionindoushka
2004-11-15 Verified UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute ForceRusH
2004-10-21 Verified UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL InjectionFlorian Rock
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'addfav.php?main' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'calendar.php' Multiple SQL InjectionsGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'download.php?Number' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'grabnext.php?posted' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'modifypost.php?Number' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL InjectionGulfTech Se...
2005-06-24 Verified UBBCentral UBB.Threads 5.5.1/6.x - 'viewmessage.php?message' SQL InjectionGulfTech Se...
2006-05-28 Verified UBBCentral UBB.Threads 5.x/6.x - Multiple Remote File Inclusionsnukedx
2005-03-11 Verified UBBCentral UBB.Threads 6.0 - 'Printthread.php' SQL InjectionHLL
2007-04-09 Verified UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL InjectionJohn Martin...
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scriptingdw. & ms.
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'login.php?Cat' Cross-Site Scriptingdw. & ms.
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'online.php?Cat' Cross-Site Scriptingdw. & ms.
2004-12-13 Verified UBBCentral UBB.Threads 6.2.3/6.5 - 'showflat.php?Cat' Cross-Site Scriptingdw. & ms.
2006-05-22 Verified UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File InclusionV4mu
2006-09-29 Verified UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code ExecutionHACKERS PAL
2008-09-02 Verified UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL InjectionGulfTech Se...
2009-12-04 Waiting verification UBBCentral UBB.Threads 7.5.4 2 - Multiple File InclusionsR3VAN_BASTARD
2012-01-04 Verified UBBCentral UBB.Threads 7.5.6 - 'Username' Cross-Site Scriptingsonyy
2005-06-25 Verified UBBCentral UBB.Threads < 6.5.2 Beta - 'mailthread.php' SQL Injectionmh_p0rtal
Menu