Freedom The Open Source Way Contribute Articles or News to OSForgeOSForge HomeLogout from Forums
Contacting OSForgeOSForge HomeAbout OSForge
  

Root
 Contribute News
 Learning Corner
 Linux Distributions
 Linux Common FAQ's
 Discussion Forums
Community Gallery
Links Directory
Search OSForge
Networking
 Industry Updates
 Linux & Open Source
 Opinions
 Press Release
 Programming
 Security
 Web Development
White Paper
Likewise Names Leading Open Source Voice as CTO
Launched: Zarafa Collaboration Platform 7.0 and Zarafa Archiver
Zarafa Shows User Driven Innovation at Fifth SummerCamp Anniversary
Userful Corporation Named to Everything Channel’s CRN Virtualization 100 List
Zarafa Joins Microsoft with Advanced Outlook 2010 Compatibility
Zarafa and Mandriva Partner to Deliver Integrated Enterprise Solutions
CustomTech Teams with European Exchange Alternative “Zarafa”
Likewise Cross-Platform Integration Software Hits 100,000 Users
Cloud.com Releases New Version of CloudStack

View More

Yabb SE SQL Injection Vulnerability
By : Accidutzu [www] Find more article by Accidutzu on Securit
Monday the 26th, January 2004 at 04:42 PM (EST)
Send this Story to a Friend Readers TalkBack (0) - 2885 Reads

Printer Friendly Page Printable format
Send this Story to a Friend Foward to Email

YaBB SE is a PHP/MySQL port of a older forum software based on Perl. An SQL injection vulnerability allows a remote attacker to execute malicious SQL statements on the database remotely.

The file SSI.php has a number of functions to return information about the status of the forum (statistics). Functions 'welcome' and 'recentTopics' are vulnerable to SQL injection because the parameter ID_MEMBER is not properly checked.

An exploit is available but the YaBB SE team relased a patch. You should upgrade to 1.5.5 to be safe.

This is probably the last version of this forum. The team start working on a new forum software called SMF.

You can find the patch on YaBB SE website: http://www.yabbse.org/


  
Reader Rating from 1-5

 

Poor very 
1
2
3
4
5 		 very Excellent

Talkback

Post Your Talkback | View All Talkback (0 Posted)

 Currently there are no Talkback posted on "Yabb SE SQL Injection Vulnerability", Click here to be the first to post a talkback.

 
Scroll Up

   About | Term of Use | Privacy | Contact us | Tell a Friend | Advertise  

 OSForge News RSS Feed