OSVDB ID: 18981

Title: PunkBuster Screenshot Database Login Form Multiple Field SQL Injection

Info

Disclosure

Feb 19, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

PunkBuster has been repoted to contain a flaw allowing SQL injection attacks. The initial disclosure contains several discrepancies that suggest this is a fake advisory. Preliminary source code checks do not find mention of the variables mentioned, the vendor URL provided is for an add-on product and the e-mail address supposedly contacted is not referenced on the vendor page or distribution.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unavailable
OSVDB: Web Related, Myth/Fake

Solution

The vulnerability reported is incorrect. No solution required.

Products

PB-DB

Alpha 6

References

Security Tracker: 1009145
ISS X-Force ID: 15267
CVE ID: 2004-2340 (see also: NVD)
Bugtraq ID: 9697
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0528.html
Vendor URL: http://pbdb.sourceforge.net/
Keyword: Timberlake Advisory 200402181e-03

Credit

Just1n T1mberlake - hotpacketshellokitty.com -

Direct URL: http://osvdb.org/36218