New eVuln Advisory: EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities http://evuln.com/vulns/88/summary.html --------------------Summary---------------- eVuln ID: EV0088 Software: EKINboard Sowtware's Web Site: http://www.ekinboard.com/ Versions: 1.0.3 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Patched PoC/Exploit: Available Solution: Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- 1. 'img' BBCode Cross-Site Scripting Vulnerability Arbitrary JavaScript code insertion is possible in BBcode [img]. 2. Cookie 'username' SQL Injection Vulnerability Vulnerable Script: config.php Variables $_COOKIE['username'] $_COOKIE['password'] are not properly sanitized. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. --------------PoC/Exploit---------------------- Available at: http://evuln.com/vulns/88/exploit.html --------------Solution--------------------- Vendor-provided patch is available here: http://www.ekinboard.com/forums/v1/viewtopic.php?id=469 --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .