Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

SoftBB 0.1.3 SQL Injection

Related Vulnerabilities: CVE-2014-9560   cve-2014-9560   CVE-2006-1327  
Publish Date: 11 Jan 2015
Author: Jing Wang
Source 
                							

                *CVE-2014-9560  Softbb.net SoftBB SQL Injection Security Vulnerability*




Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter
SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command ('SQL Injection') (CWE-89)
CVE Reference: CVE-2014-9560
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),
Singapore]






*Advisory Details:*


*Vendor URL:*
http://www.softbb.net/



*(2) Vulnerability Details:*
Softbb.net SoftBB can be exploited by SQL Injection attacks.


*(2.1) *The vulnerability occurs at “/redir_last_post_list.php" page, with
“&post” parameter.




*References:*
http://tetraph.com/security/cves/cve-2014-9560-softbb-net-softbb-sql-injection-security-vulnerability/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9560
http://www.cvedetails.com/cve/CVE-2006-1327/








--
Wang Jing
School of Physical and Mathematical Sciences (SPMS)
Nanyang Technological University (NTU), Singapore


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started