Tamber Forum versions less than or equal to 1.9.13 suffer from multiple SQL injection vulnerabilities.
fb296d26937f250ef67ea65c1d325e7d8dba39a2b8843f170df6ae0f589efd69
ENGLISH
# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Author : ajann
# Exploit;
SQL INJECTION--------------------------------------------------------
###http://[target]/[path]/show_forum.asp?frm_id=55'SQL TEXT
###http://[target]/[path]/forum_search.asp SEARCH FOR:SQL TEXT
###http://[target]/[path]/admin/index.asp
Email address: SQL TEXT
Password: SQLTEXT
###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 SQL TEXT
###post_message.asp
Message Subject: SQL TEXT
Message Text: SQL TEXT
.
..
.....
# ajann,Turkey
TURKISH
# Title : Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities
# Discovered by : ajann
# Files found vulnerable;
###http://[target]/[path]/show_forum.asp?frm_id=55'YOUR SQL QUERY
###http://[target]/[path]/forum_search.asp SEARCH FOR:YOUR SQL QUERY
###http://[target]/[path]/admin/index.asp
Email address: YOUR QUERY
Password: YOUR QUERY
###http://[target]/[path]/browse_forum_cat.asp?frm_cat_id=1 YOUR SQL QUERY
###post_message.asp
Message Subject: YOUR QUERY
Message Text: YOUR QUERY
.
..
.....
Description:
In short, because of the lack of filtering found in all of the files : ) information can be pulled from the database.
# ajann,Turkey
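
For operators of an affected install, the two query-string parameters named above (`frm_id` and `frm_cat_id`) are numeric IDs, so any request carrying a non-integer value in them is worth reviewing. The following log check is an added example, not part of the original advisory or the Tamber Forum code; the log field order, the sample lines and the function name `suspicious_requests` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Numeric ID parameters named in the advisory, keyed by script file name.
NUMERIC_PARAMS = {
    "show_forum.asp": "frm_id",
    "browse_forum_cat.asp": "frm_cat_id",
}
INT_RE = re.compile(r"\d{1,10}")

# Constructed sample lines. Assumed field order (W3C style):
# date time method uri-stem uri-query client-ip status
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 10:00:01 GET /forum/show_forum.asp frm_id=55 203.0.113.5 200
2024-01-01 10:00:07 GET /forum/show_forum.asp frm_id=55' 203.0.113.9 500
2024-01-01 10:00:09 GET /forum/browse_forum_cat.asp frm_cat_id=1%27 203.0.113.9 500
2024-01-01 10:00:12 GET /forum/browse_forum_cat.asp frm_cat_id=1 203.0.113.5 200
2024-01-01 10:00:15 GET /forum/default.asp - 203.0.113.5 200
"""


def suspicious_requests(log_text):
    """Return (client_ip, script, decoded_value) for each request whose
    ID parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        stem, query, client = fields[3], fields[4], fields[5]
        script = stem.rsplit("/", 1)[-1].lower()
        param = NUMERIC_PARAMS.get(script)
        if param is None:
            continue  # not one of the scripts with a numeric ID parameter
        # parse_qsl URL-decodes values, so %27 and a literal quote both match.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == param and not INT_RE.fullmatch(value):
                hits.append((client, script, value))
    return hits


if __name__ == "__main__":
    for client, script, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} {script} non-numeric id: {value!r}")
```

The form fields listed in the advisory (search box, admin login, message subject and text) do not appear in the query string when submitted by POST, so this check does not cover them.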