wbb-kuchler.de Cross Site Scripting vulnerability OBB-3915709

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Galerie 3.2 (pic) WBB Lite Addon Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================ Galerie 3.2 pic WBB Lite Addon Blind SQL Injection Exploit ============================================================ !/usr/bin/perl Galerie 3.2 galerie.php Remote "Blind" SQL...

Galerie 3.2 - 'pic' WBB Lite Addon Blind SQL Injection

!/usr/bin/perl Galerie 3.2 galerie.php Remote "Blind" SQL Injection found by: J0hn.X3r exploit written by: J0hn.X3r and electron1x Date: 05.10.2008 Dork: "Galerie 3.2 © 2004 by progressive" Contact: J0hn.X3r + ICQ: 573813 + Mail: J0hn.X3ratgmail.com electron1x + Mail: electron1x at mail dot ru...

Galerie 3.2 (pic) WBB Lite Addon Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl Galerie 3.2 galerie.php Remote "Blind" SQL Injection found by: J0hn.X3r exploit written by: J0hn.X3r and electron1x Date: 05.10.2008 Dork: "Galerie 3.2 © 2004 by progressive" Contact: J0hn.X3r + ICQ: 573813 + Mail: J0hn.X3ratgmail.com electron1x ...

CVE-2008-1640

CVE-2008-1640 affects the Woltlab Burning Board addon “JGS-XA JGS-Treffen” (version 2.0.2 and earlier). The vulnerability is in the file jgs_treffen.php and is triggered via the view_id parameter in an ansicht action, enabling remote attackers to execute arbitrary SQL commands (SQL injection). Th...

CVE-2008-1323

The CVE-2008-1323 entry documents a CSRF vulnerability in WoltLab Burning Board Lite (wBB) 2 Beta 1, where index.php’s ThreadDelete action can be abused by an attacker to delete threads as other users. This is triggered via forged requests, enabling unauthorized modification of data (thread delet...

CVE-2008-0472

The CVE-2008-0472 entry concerns Woltlab Burning Board (wBB) 2.3.6 PL2. The vulnerable component is modcp.php, where a cross-site request forgery (CSRF) can cause thread deletion by a moderator or administrator via a thread_del action. The exploit does not require authentication, aligning with th...

CVE-2007-6518

WoltLab Burning Board Lite 1.0.2 pl3e (search.php) contains multiple SQL injection vulnerabilities exploitable via the showposts, sortby, and sortorder parameters. Remote attackers could manipulate SQL queries, potentially impacting data confidentiality, integrity, and availability as indicated b...

CVE-2007-0812

SQL injection in pms.php of Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier; remote authenticated users can execute arbitrary SQL via pmid[0]. Affected: wBB Lite

CVE-2006-5029

The CVE-2006-5029 entry describes an SQL injection in thread.php of WoltLab Burning Board (wBB) 2.3.x, allowing remote attackers to obtain the PHP, MySQL, and wBB version numbers via the page parameter. The report notes the issue may be a forced SQL error and that the original report was disputed...

Woltlab Burning Board 2.3.X SQL Injection Vulnerability

Use it like this: http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1 Ok, its kinda useless 'cause it's an "ORDER BY", but u can see: - the PHP Version - the MySQL version - the wBB Version when it has been faked or removed Greets, 666 - www.sr-crew.de.tt...

CVE-2006-4317

CVE-2006-4317 affects WoltLab Burning Board (WBB) 2.3.5 in attachment.php. It is a cross-site scripting (XSS) vulnerability where a GIF image containing URL-encoded Javascript can be used to inject arbitrary script, with the impact described as partial confidentiality/integrity/availability in th...

CVE-2006-3255

CVE-2006-3255 affects Woltlab Burning Board (WBB) 1.2. The vulnerability is a SQL injection in showmods.php via the boardid parameter, enabling remote attackers to execute arbitrary SQL commands. Exploitation details are not provided in the available documents. Affected component is showmods.php;...

CVE-2006-3254

Woltlab Burning Board (WBB) 2.0 RC2 contains a SQL injection in newthread.php that allows remote attackers to execute arbitrary SQL commands via the boardid parameter. The vulnerability is described in CVE-2006-3254; original sources confirm the affected component and impact, but do not provide a...

CVE-2006-3256

SQL injection vulnerability in report.php of Woltlab Burning Board (WBB ) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. Root cause: likely improper input handling in the postid field. Exploitation details are not provided in the connected documents. No ...

WBB-showmods.txt

======================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ======================================== Example:- /showmods.php?boardid=SQL...

WBB<<---v2.0 RC2 "newthread.php" SQL Injection

======================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ======================================== Example:- /newthread.php?boardid=SQL...

WBB<<---v2.3.1"report.php" SQL Injection

======================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ======================================== Example:- /report.php?postid=SQL...

WBB<<---v1.2 "showmods.php" SQL Injection

======================================== Discovered By: CrAzY CrAcKeR Site:www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r ======================================== Example:- /showmods.php?boardid=SQL...

CVE-2006-3220

CVE-2006-3220 describes a SQL injection in the file studienplatztausch.php of Woltlab Burning Board (WBB) 2.2.1. The vulnerability allows remote attackers to craft input to the sid parameter and execute arbitrary SQL commands on the backend database. The available sources confirm the affected pro...