CVE-2008-6970

UBB.threads < 7.3.1 - SQL Injection via Forum[] Array Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6970. PoCs published by GulfTech Security, KyomaHooin.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in UBB.threads by manipulating the 'Forum[]' parameter to extract user passwords from the database. The payload uses UNION-based SQLi to bypass input sanitization and retrieve sensitive data.

Description

SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/32347

Classification
Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: UBB.threads 7.3.1 and prior
No auth needed
Prerequisites: Access to the vulnerable UBB.threads application
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by KyomaHooin · poc
https://github.com/KyomaHooin/CVE-2008-6970

This repository contains a functional shell script that exploits a blind SQL injection vulnerability in UBB.threads 7.3.1 via the dosearch.php endpoint. The script brute-forces the MD5 password hash for a given user ID by leveraging a parameter input validation flaw.

Classification
Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: UBB.threads 7.3.1
Auth required
Prerequisites: Valid credentials for authentication · Access to the target UBB.threads instance
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44976
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/47954
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31074
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31804

Scores

EPSS 0.0725
EPSS Percentile 93.5%

Details

CWE: CWE-89
Status: published
Products (31)
ubbcentral/ubb.threads 3.4
ubbcentral/ubb.threads 3.5
ubbcentral/ubb.threads 5.0
ubbcentral/ubb.threads 5.5.1
ubbcentral/ubb.threads 6.0
ubbcentral/ubb.threads 6.0.1
ubbcentral/ubb.threads 6.0.2
ubbcentral/ubb.threads 6.0.3
ubbcentral/ubb.threads 6.1
ubbcentral/ubb.threads 6.1.1
... and 21 more
Published Aug 13, 2009
Tracked Since Feb 18, 2026