########################## www.BugReport.ir #######################################
#
#      		AmnPardaz Security Research Team
#
# Title: Multiple vulnerabilities in Carbon Communities forum.
# Vendor: www.carboncommunities.com
# Vulnerable Version: 2.4 and prior versions
# Exploit: Available
# Impact: High
# Fix: N/A
###################################################################################


####################
1. Description:
####################
Carbon Communities is a high-powered, fully scalable, and highly customizable online portal, message board/bulletin board, discussion hub, private messaging, event calendar, email and chat software rolled into one.

####################
2. Vulnerability:
####################
	2.1. There is a SQL Injection in "events.asp?id=[Injection]". By using it, an attacker can obtain usernames and passwords.
		2.1.1. POC:
				Check exploits section.
	2.2. There is a SQL Injection in "getpassword.asp". By using it, an attacker can have any account's password sent to an email address of his/her choosing. (Exploit available.)
		2.2.1. POC:
				Check exploits section.
	2.3. There is a SQL Injection in "option_Update.asp". By using it, an attacker can update member info. (Exploit available.)
		2.3.1. POC:
				Check exploits section.
	2.4. There are cross-site scripting (XSS) vulnerabilities in "login.asp" (Redirect parameter) and "member_send.asp" (OrderBy parameter).
		2.4.1. POC:
				/login.asp?Redirect='><script>alert('XSS')</script><fake a='
				/member_send.asp?OrderBy='><script>alert('XSS')</script><fake a='
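	As an added detection example (not part of the original advisory), the script below scans IIS-style access log lines for requests to the pages named above whose parameters carry SQL metacharacters or script tags. The log layout and sample lines are constructed for this example; getpassword.asp and option_Update.asp are likely exercised via POST, which web-server logs do not capture, so those need WAF or request-body logging.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Pages and parameters named in the advisory (stems compared lower-cased).
SQLI_PAGES = {"/events.asp", "/getpassword.asp", "/option_update.asp"}
XSS_PARAMS = {"/login.asp": "redirect", "/member_send.asp": "orderby"}
SQLI_RE = re.compile(r"'|--|/\*|\b(union|select)\b", re.I)
XSS_RE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)

# Constructed sample in a simplified IIS W3C layout (hypothetical format):
# date time cs-method cs-uri-stem cs-uri-query sc-status ("-" = no query).
SAMPLE_LOG = """\
2009-03-01 10:00:01 GET /events.asp id=17 200
2009-03-01 10:00:02 GET /events.asp id=17%27 500
2009-03-01 10:00:03 GET /login.asp Redirect=%27%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E%3Cfake+a%3D%27 200
2009-03-01 10:00:04 GET /member_send.asp OrderBy=date 200
2009-03-01 10:00:05 GET /member_send.asp OrderBy=%2527%253E%253Cscript%253Ealert(%2527XSS%2527)%253C/script%253E 200
"""

def classify(line):
    """Return [(kind, stem, param)] findings for one log line."""
    parts = line.split()
    if len(parts) != 6 or parts[4] == "-":
        return []
    stem, query = parts[3], parts[4]
    stem_l = stem.lower()
    findings = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            # parse_qs decoded once; a second pass catches double-encoded
            # payloads (it also turns a literal '+' into a space, acceptable here).
            value = unquote_plus(value)
            if stem_l in SQLI_PAGES and SQLI_RE.search(value):
                findings.append(("sqli", stem, name))
            if XSS_PARAMS.get(stem_l) == name.lower() and XSS_RE.search(value):
                findings.append(("xss", stem, name))
    return findings

def scan(log_text):
    """Scan a whole log; returns [(line_no, kind, stem, param)]."""
    return [(n, *f) for n, line in enumerate(log_text.splitlines(), 1)
            for f in classify(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```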

####################
3. Exploits:
####################
	URL: http://bugreport.ir/index.php?/35/exploit

####################
4. Solution:
####################
	Edit the source code so that every input that reaches a SQL query or is echoed back into a page is properly validated and sanitised (parameterised queries for the database, output encoding for the HTML).

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com