Subject: [void.at SA] YaBB SE SQL Injection Bugs

[void.at Security Advisory VSA0306]

YaBB SE is a web based forum written in PHP.

Overview
--------

Due to SQL injection bugs, it is possible for a remote user without an
account to get access to user accounts by resetting or explicitly setting
a password.

Affected Versions
-----------------

1.4.1, possibly others

Details
-------

See Reminder.php.

Solution
--------

To fix this bug, enable magic_quotes_gpc in your php.ini or filter the user
input for special characters.

Exploit
-------

There are two ways to exploit this vulnerability:

* Reset User Password Vulnerability

  http://www.myserver.com/yabbse/Reminder.php?searchtype=esearch&user=[yourusername]'%20or%20memberName='[otherusername]

* Set Any User Password Vulnerability

  You can only set the password for a user that has been added after your
  account, because of the SQL structure.

Discovered by
-------------

crew@void.at

Credits
-------

void.at
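Added example (not part of the advisory and not YaBB SE's code): the "filter the user input" fix from the Solution section, shown as a string-built lookup beside a bound-parameter lookup, both fed the URL-decoded form of the advisory's user parameter. The members table, its rows, the function names and the name pattern are assumptions; only the memberName column comes from the advisory.

```php
<?php
// Constructed in-memory data; the schema is hypothetical, not YaBB SE's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, memberName TEXT, passwd TEXT)");
$db->exec("INSERT INTO members (memberName, passwd) VALUES ('alice', 'x'), ('bob', 'y')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so a quote in it ends the string literal and extends the WHERE clause.
function lookupConcatenated(PDO $db, string $user): array
{
    $sql = "SELECT memberName FROM members WHERE memberName='" . $user . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern, layer 1: allow-list the characters a member name may
// contain (assumed policy) and reject everything else before touching SQL.
function isValidMemberName(string $user): bool
{
    return preg_match('/^[A-Za-z0-9_. -]{1,80}$/', $user) === 1;
}

// Hardened pattern, layer 2: bind the value as data. Even if validation is
// skipped, the quote is compared literally and cannot alter the query.
function lookupPrepared(PDO $db, string $user): array
{
    $stmt = $db->prepare("SELECT memberName FROM members WHERE memberName = ?");
    $stmt->execute([$user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// URL-decoded shape of the advisory's user parameter, with constructed names.
$input = "alice' or memberName='bob";

echo "concatenated query matched: ";
var_export(lookupConcatenated($db, $input));
echo "\nallow-list accepts input: ";
var_export(isValidMemberName($input));
echo "\nprepared query matched: ";
var_export(lookupPrepared($db, $input));
echo "\n";
```

The concatenated lookup matches both accounts, which is the condition the reset-password request relies on; the bound-parameter lookup matches none because no member has that literal name.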