exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 29997

Secunia Security Advisory 29997
Posted Apr 28, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - __GiReX__ has reported some vulnerabilities in miniBB, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | a94e18b16a10cd58b649e25afd8d52bf1b6fbc64c4137faf2fe69cc4248e432a

Secunia Security Advisory 29997

Change Mirror Download
----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

2 days left of beta period.

The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.

The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.

Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/

----------------------------------------------------------------------

TITLE:
miniBB Cross-Site Scripting and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA29997

VERIFY ADVISORY:
http://secunia.com/advisories/29997/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data

WHERE:
>From remote

SOFTWARE:
miniBB 2.x
http://secunia.com/product/5558/

DESCRIPTION:
__GiReX__ has reported some vulnerabilities in miniBB, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

1) Input passed to the "lang" parameter in index.php (if "action" is
set to "registernew") is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected
site.

2) Input passed to the "xtr" parameter in index.php (if "action" is
set to "userinfo") is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

Successful exploitation requires that "register_globals" is enabled.

Note: A full path disclosure issue in index.php is also reported.

The vulnerabilities are reported in version 2.2. Other versions may
also be affected.

SOLUTION:
Update to version 2.2a.

PROVIDED AND/OR DISCOVERED BY:
__GiReX__

ORIGINAL ADVISORY:
__GiReX__:
http://milw0rm.com/exploits/5494

miniBB:
http://www.minibb.net/forums/9_5110_0.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close