WebBoard - exploit.company

vendor:

WebBoard

by:

t0pP8uZz

N/A

CVSS

N/A

Arbitrary SQL Question/Anwser Delete

N/A

CWE

Product Name: WebBoard

Affected Version From: 2

Affected Version To: 2

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

WebBoard <= 2.0 Arbitrary SQL Question/Anwser Delete Vulnerability

WebBoard suffers from remote vulnerabilitys, included in this writeup is a method to arbitrary delete the questions and anwsers from the board. its also possible to execute sql querys once you have found a vulnerable website (shouldnt be hard from 2k+ vuln sites) modify the url below to include the victim sites domain, and change the <NUM> tags to a valid question/anwser number execute the url, and the question and anwsers will be deleted. you can also use SQL injection in replace of the <NUM> tags use load_file() to view the config file for username and passwords.

Mitigation:

N/A

Source

Exploit-DB raw data:

-[*]+================================================================================+[*]-
-[*]+	    WebBoard <= 2.0 Arbitrary SQL Question/Anwser Delete Vulnerability       +[*]-
-[*]+================================================================================+[*]-



[*] Discovered By: t0pP8uZz
[*] Discovered On: 20 AUGUST 2008
[*] Script Download: N/A
[*] DORK (google): "and Powered By :Sansak"



[*] Vendor Has Not Been Notified!



[*] DESCRIPTION/USAGE: 

	WebBoard suffers from remote vulnerabilitys, included in this writeup is a method to
	arbitrary delete the questions and anwsers from the board. its also possible to execute sql querys

	once you have found a vulnerable website (shouldnt be hard from 2k+ vuln sites) modify the url
	below to include the victim sites domain, and change the <NUM> tags to a valid question/anwser number
	execute the url, and the question and anwsers will be deleted.

	you can also use SQL injection in replace of the <NUM> tags use load_file() to view the config file
	for username and passwords.



[*] Vulnerability:

	http://site.com/webboard/admindel.php?action=delete&mode=question&qno=<NUM>&ano=<NUM>



[*] NOTE/TIP: 

	null



[*] GREETZ: 

	milw0rm.com, h4ck-y0u.org, Offensive-Security.com, CipherCrew !



[-] Peace...

	...t0pP8uZz !



-[*]+================================================================================+[*]-
-[*]+	    WebBoard <= 2.0 Arbitrary SQL Question/Anwser Delete Vulnerability       +[*]-
-[*]+================================================================================+[*]-

# milw0rm.com [2008-08-25]