what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Hardened-PHP Project Security Advisory 2005-12.60

Hardened-PHP Project Security Advisory 2005-12.60
Posted Aug 5, 2005
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 4d2114be500f23ebf091fb17d172b512c79677234c01f8a698f2554cef0dfe06

Hardened-PHP Project Security Advisory 2005-12.60

Change Mirror Download
Hash: SHA1

Hardened PHP Project

-= Security Advisory =-

Advisory: UseBB Multiple Vulnerabilities
Release Date: 2005/07/28
Last Modified: 2005/07/28
Author: Stefan Esser <s.esser@hardened-php.net>
Application: UseBB <= 0.5.1
Severity: Multiple SQL injection and XSS vulnerabilities may
result in disclosure of administrators credentials.
Risk: High
Vendor Status: Vendor has released an updated version
References: http://www.hardened-php.net/advisory_122005.60.html


UseBB, the easy to set up and easy to use PHP and MySQL based forum
package, distributed freely under the GPL license. It is being built
by a team of voluntary developers from all over the world, for use
on small to medium sized websites which need a clear and efficient
forum package.

By accident we stumbled over UseBB and audited it, because we have
never seen a PHP forum system that is free of vulnerabilities.
During our work, we have discovered two 2 holes that were not yet
fixed in the CVS and may allow compromising user accounts.

One of the vulnerabilities is a XSS vulnerability that is only
exploitable in Internet Explorer and the other one is a SQL
injection vulnerability that requires magic_quotes_gpc turned off
to be exploitable, which is the recommended setting.


An audit of UseBB revealed that the code is actually one of the
better pieces of PHP webapplications, although it uses the not
recommended magic_quotes_runtime feature.. The authors always try
to initialise their variables correctly and whenever possible they
filter user input before using it.

However we were able to find two glitches in their code. The first
one is in the handling of the color BBCode. The color value is not
filtered and therefore it is possible for an attacker to inject
arbitrary stylesheet information for the resulting <span> tag.
Within Internet Explorer this will allow Javascript execution
through f.e. through a call of the expression() function.

The other problem is located in the way the magic_quotes_gpc=Off
emulation is implemented. When the feature is deactivated, which is
the recommended setting, _GET, _POST and _COOKIE are automatically
addslashed(). Unfortunately _REQUEST is not automatically and
therefore the search function of the forum, which is the only
place where _REQUEST is used, is not protected at all against any
kind of SQL injection, when magic_quotes_gpc is turned off.

Both vulnerabilities could result in disclosure of arbitrary
user credentials.

Proof of Concept:

The Hardened-PHP Project is not going to release an exploit
for this vulnerability to the public.

Disclosure Timeline:

27. July 2005 - Vendor informed.
27. July 2005 - Vendor has released updated version.
28. July 2005 - Public disclosure.


We strongly recommend installing the updated version, 0.5.1a,
which is available from the vendor's homepage, www.usebb.net.



pub 1024D/0A864AA1 2004-04-17 Hardened-PHP Signature Key
Key fingerprint = 066F A6D0 E57E 9936 9082 7E52 4439 14CC 0A86 4AA1

Copyright 2005 Stefan Esser / Hardened PHP Project. All rights reserved.

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By