[Please follow the instructions in the mail to prevent this YABBS exploit -- Raju]
This is an RFC 1153 digest. (1 message)
----------------------------------------------------------------------

From: "VOID.AT Security" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [VSA0306] YABBSE 1.4.1 SQL Injection Bugs
Date: Sat, 11 Jan 2003 01:31:05 +0100

Subject: [void.at SA] YaBB SE SQL Injection Bugs

[void.at Security Advisory VSA0306]

YaBB SE is a web based forum written in PHP.

Overview
--------
Due to SQL injection bugs, it is possible for a remote user without an account to get access to user accounts by resetting or explicitly setting a password.

Affected Versions
-----------------
1.4.1, possibly others

Details
-------
see Reminder.php

Solution
--------
To fix this bug, enable magic_quotes_gpc in your php.ini or filter the user input for special characters.

Exploit
-------
There are two ways to exploit this vulnerability:

* Reset User Password Vulnerability
  http://www.myserver.com/yabbse/Reminder.php?searchtype=esearch&user=[yourusername]'%20or%20memberName='[otherusername]

* Set Any User Password Vulnerability
  You can only set the password for a user that has been added after your account, because of the SQL structure.
Discovered by
-------------
[EMAIL PROTECTED]

Credits
-------
void.at

------------------------------
End of this Digest
******************

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
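To make the Reminder.php injection in the advisory above concrete from the defender's side, here is an added example (not code from YaBB SE or from void.at): a constructed member table, the string-built lookup that the `' or memberName='` payload defeats, and the parameterised lookup that keeps the quote as data. Only the memberName column comes from the advisory; the table name, the e-mail column, the two rows and the helper names are assumptions.

```python
import sqlite3

# Constructed stand-in for the forum's member table. Only the memberName
# column comes from the advisory's URL; the table name, the other column
# and the two rows are assumptions for this example.
MEMBERS = [("attacker", "attacker@example.invalid"),
           ("victim", "victim@example.invalid")]

# The advisory's payload with the %20 escapes decoded and the two
# placeholder usernames filled in with the constructed accounts.
INJECTED_USER = "attacker' or memberName='victim"


def make_db():
    """In-memory SQLite database holding the constructed member rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (memberName TEXT, emailAddress TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)", MEMBERS)
    return db


def lookup_unsafe(db, user):
    """String-built WHERE clause: the pattern the advisory describes.

    The quote in the input closes the literal, so the rest of the input
    becomes SQL and the query matches the other member as well."""
    sql = ("SELECT memberName, emailAddress FROM members "
           "WHERE memberName='" + user + "'")
    return sorted(db.execute(sql).fetchall())


def lookup_safe(db, user):
    """Parameterised lookup: the whole input is compared as one value."""
    sql = "SELECT memberName, emailAddress FROM members WHERE memberName=?"
    return sorted(db.execute(sql, (user,)).fetchall())


def reminder_targets(lookup, user):
    """Names whose password reminder a lookup would act on for this input."""
    return [row[0] for row in lookup(make_db(), user)]


if __name__ == "__main__":
    print("unsafe:", reminder_targets(lookup_unsafe, INJECTED_USER))
    # unsafe: ['attacker', 'victim']
    print("safe:  ", reminder_targets(lookup_safe, INJECTED_USER))
    # safe:   []
```

With the string-built query the reminder logic sees the victim's row too, which is exactly the reset the advisory warns about; the parameterised form matches no account for that input and still finds an exact username normally.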
