[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

phpBB "charts.php" XSS and SQL-Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpBB "charts.php" XSS and SQL-Injection
From: sn4k3.23@xxxxxxxxx
Date: 11 May 2006 21:06:03 -0000

// phpBB "charts.php" (hack) XSS and SQL-Injection //

-----------------------------------------------------------------

[~] Advisory by: LoK-Crew

[-] Exploit:
http://www.example.com/charts.php?action=vote&rate=1&id=[XSS]
http://www.example.com/charts.php?action=vote&rate=1&id=[SQL]

[-] Googledork: inurl:"charts.php" "powered by phpbb"

[+] Visit: www.LoK-Crew.de

Prev by Date: Verizon Voicewing and Linksys PAP2-VN
Next by Date: [ GLSA 200605-13 ] MySQL: Information leakage
Previous by thread: Verizon Voicewing and Linksys PAP2-VN
Next by thread: Re: phpBB "charts.php" XSS and SQL-Injection
Index(es):
- Date
- Thread