CVE-2005-1642
Woltlab Burning Board 2.x and earlier - SQL Injection via Email Verification
Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-1642. PoCs published by GulfTech Security.
AI-analyzed exploit summary: The writeup describes an SQL injection vulnerability in Burning Board's verify_email() function, where the $email parameter is not properly sanitized, allowing attackers to query arbitrary database information, including admin password hashes. The vulnerability can be exploited without authentication by injecting malicious SQL into the email field during registration or profile updates.
Description
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.