Description: An input validation vulnerability was reported in the phpBB Notes Mod. A remote user can inject SQL commands.
The 'posting_notes.php' does not properly validate user-supplied input in the 'post_id' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
A demonstration exploit URL is provided:
http://[target]/posting_notes.php?mode=editpost &p=-99%20UNION%20SELECT%200,0, username,0,0,0,0,0,0%20FROM%20orionphpbb_users%20WHERE%20user_id=2/*
The 'editpost' function and other functions are affected.
James Bercegay of the GulfTech Security Research Team reported this vulnerability.
Impact: A remote user can execute SQL commands on the underlying database.
Solution: No solution was available at the time of this entry.