
WebBoard <= 2.0 Arbitrary SQL Question/Answer Delete Vulnerability

26 Aug 2008 00:00:00 | Reported by RootType | Source: seebug (www.seebug.org)

WebBoard 2.0 Arbitrary SQL Delete Vulnerabilit

Code

-[*]+================================================================================+[*]-
-[*]+	    WebBoard <= 2.0 Arbitrary SQL Question/Answer Delete Vulnerability       +[*]-
-[*]+================================================================================+[*]-



[*] Discovered By: t0pP8uZz
[*] Discovered On: 20 AUGUST 2008
[*] Script Download: N/A
[*] DORK (google): "and Powered By :Sansak"



[*] Vendor Has Not Been Notified!



[*] DESCRIPTION/USAGE: 

	WebBoard suffers from remote vulnerabilities. Included in this writeup is a method to
	arbitrarily delete the questions and answers from the board. It is also possible to execute SQL queries.

	Once you have found a vulnerable website (shouldn't be hard from 2k+ vuln sites), modify the URL
	below to include the victim site's domain, and change the <NUM> tags to a valid question/answer number.
	Execute the URL, and the question and answers will be deleted.

	You can also use SQL injection in place of the <NUM> tags; use load_file() to view the config file
	for usernames and passwords.



[*] Vulnerability:

	http://site.com/webboard/admindel.php?action=delete&mode=question&qno=<NUM>&ano=<NUM>
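
Added example, not part of the original advisory: a log check a site operator can run to find requests to the delete endpoint shown above and to separate plain numeric deletes from requests whose qno/ano values are not integers. It assumes a combined-format web access log; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Aug/2008:10:00:01 +0000] "GET /webboard/index.php HTTP/1.1" 200 5120
203.0.113.5 - - [20/Aug/2008:10:00:07 +0000] "GET /webboard/admindel.php?action=delete&mode=question&qno=12&ano=3 HTTP/1.1" 200 310
198.51.100.9 - - [20/Aug/2008:10:02:44 +0000] "GET /webboard/admindel.php?action=delete&mode=question&qno=12&ano=load_file%28X%29 HTTP/1.1" 200 298
198.51.100.9 - - [20/Aug/2008:10:02:50 +0000] "GET /webboard/admindel.php?action=delete&mode=question&qno=7%27&ano=1 HTTP/1.1" 500 0
"""

# Client IP, then the quoted request line: METHOD TARGET HTTP/x.y
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]+")
ID_PARAMS = ("qno", "ano")  # the two parameters named in the advisory URL


def classify(line):
    """Return (ip, verdict, bad_params) for admindel.php delete requests, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/admindel.php"):
        return None
    # parse_qs percent-decodes values, so encoded quotes/parentheses are seen as-is.
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("action", [""])[0].lower() != "delete":
        return None
    bad = [f"{name}={value}"
           for name in ID_PARAMS
           for value in params.get(name, [])
           if not INT_RE.fullmatch(value)]
    # A numeric delete still deserves review: the log cannot show who issued it.
    verdict = "non-integer-id" if bad else "delete-request"
    return (m.group("ip"), verdict, bad)


def scan(log_text):
    """Classify every line of a log and keep only the admindel.php delete hits."""
    hits = (classify(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit is not None]


if __name__ == "__main__":
    for ip, verdict, bad in scan(SAMPLE_LOG):
        print(ip, verdict, bad)
```

Every "delete-request" hit should be matched against known administrator activity, and any "non-integer-id" hit treated as evidence that the ID parameters were probed.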



[*] NOTE/TIP: 

	null



[*] GREETZ: 

	milw0rm.com, h4ck-y0u.org, Offensive-Security.com, CipherCrew !



[-] Peace...

	...t0pP8uZz !



