CVE-2004-2754

YaBB SE - SQL Injection via ID_MEMBER Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2754. PoCs published by BaCkSpAcE.

AI-analyzed exploit summary: This Java-based PoC exploits a SQL injection vulnerability in YaBB SE's SSI.php script by injecting a UNION-based query to extract the hashed password of a specified user. It iterates through each character of the password by leveraging the ASCII and SUBSTRING functions.

Description

SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
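ID_MEMBER is a numeric row id, so the mitigation is to accept nothing but an unsigned integer before it reaches the query; the same rule gives a defender a simple detection over web-server access logs. The following is an added example, not code from YaBB SE or from the PoC, and the log lines and the `/yabbse/` install path are constructed for illustration:

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-style access log lines (not from the page). The first two
# carry a well-formed integer ID_MEMBER; the third carries SQL in the parameter.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2004:10:00:01 +0000] "GET /yabbse/SSI.php?function=welcome&ID_MEMBER=42 HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2004:10:00:02 +0000] "GET /yabbse/SSI.php?function=recentTopics&ID_MEMBER=7 HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2004:10:00:03 +0000] "GET /yabbse/SSI.php?function=welcome&ID_MEMBER=42%20UNION%20SELECT%20ASCII(SUBSTRING(x,1,1)) HTTP/1.1" 200 512
"""

# Pulls the request line out of each log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Keywords the PoC relies on (UNION-based extraction, one character at a time).
SQL_KEYWORDS = ("UNION", "SELECT", "ASCII(", "SUBSTRING(")


def is_valid_id_member(value: str) -> bool:
    """The fix on the application side: ID_MEMBER must be an unsigned integer."""
    return value.isdigit()


def flag_ssi_requests(log_text: str) -> list[dict]:
    """Return one finding per SSI.php request whose ID_MEMBER is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/ssi.php"):
            continue
        # parse_qs already percent-decodes values, so "%20" becomes a space here.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("ID_MEMBER", []):
            if is_valid_id_member(value):
                continue
            hits = [k for k in SQL_KEYWORDS if k in value.upper()]
            findings.append({
                "client": line.split()[0],
                "function": params.get("function", [""])[0],
                "value": value,
                "keywords": hits,
            })
    return findings


if __name__ == "__main__":
    for f in flag_ssi_requests(SAMPLE_LOG):
        print(f"{f['client']} -> SSI.php function={f['function']} ID_MEMBER={f['value']!r} keywords={f['keywords']}")
```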

Exploits (1)

exploitdb · Working PoC · Verified
by BaCkSpAcE · java · webapps · php
https://www.exploit-db.com/exploits/23554

Classification
Working PoC (95%)
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target: YaBB SE (likely version 1.5.4 or earlier)
No auth needed
Prerequisites: Target URL with path to YaBB SE installation · Database prefix (e.g., 'yabbse_') · Valid ID_MEMBER of the target user
Analyzed by devstral-2 on Feb 16, 2026

References (7)

Core References
Exploit (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/350244
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/3618
Patch (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/9449
Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/3371
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1008764

Scores

EPSS 0.0242
EPSS Percentile 82.0%

Details

CWE
CWE-89
Status published
Products (9)
yabb/yabb_se 0.8
yabb/yabb_se 1.1.3
yabb/yabb_se 1.4.1
yabb/yabb_se 1.5.0
yabb/yabb_se 1.5.1
yabb/yabb_se 1.5.1_rc1
yabb/yabb_se 1.5.2
yabb/yabb_se 1.5.3
yabb/yabb_se 1.5.4
Published Dec 31, 2004
Tracked Since Feb 18, 2026