
CVE-2007-0388

Published: 19/01/2007 Updated: 19/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and previous versions, and 2.3.6 and previous versions in the 2.x series, allows remote malicious users to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.

Vulnerable Product

woltlab burning board

Exploits

<?php /* ################################### # wwwundergroundagentsde # # coded by silent vapor # # webmaster@undergroundagentsde # ################################### */ print_r(' -------------------------------------------------------------------------------- Woltlab Burning Board Lite <= 102 GetHashes over searchp ...
#!/usr/bin/perl use LWP::UserAgent; use HTTP::Response; $| = 1; print " ################################################### ## ## Woltlab Burning Board 236 <= / Lite Exploit ## ################################################### ## ## Coded by 666 <blueshishamuteboxnet> ## Bug by trew ## ####################################### ...
#!/usr/bin/perl # Woltlab Burning Board 2X/Lite searchphp SQL Injection exploit - burnedpl # written by trew <trew@safe-mailnet> # # should work on every wbb regardless of php settings # # v 12 - added 1337 sql filter evasion, version identification,better regex,raw cookie # v 11 - added wbblite support (thx to ...