Computer Security

Security Advisory: [Full-disclosure] SQL-Injection in IP-TRACKING Mod for phpBB2.0.x
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities

  [Full-disclosure] Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities

  RedLevel Advisory #017 - HLstats v1.35 Cross-Site Scripting Vulnerability #2

  RedLevel Advisory #016 - HLstats v1.35 Cross-Site Scripting Vulnerability

From:Cornelius Riemenschneider <c.r1_(at)_gmx.de>
Date:21.05.2007
Subject:[Full-disclosure] SQL-Injection in IP-TRACKING Mod for phpBB2.0.x

Information: The IP-Tracking Mod is a Extension for phpBB2.0.x which
logs all Page hits the user of the Boards do including Referer, IP and
Username. It contains a SQL-Injection on Admin-Level. You can get it
from:
http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&st
art=0

Steps to reproduce: Go into your ACP, select under IP-Tracking
IP-Search, select "no" at use wildcards and enter in Search Query what
you want. It is direct passed through the Query. As Search Type I used IP.

PoC: enter
' UNION SELECT user_password as
ip,user_id,username,user_active,user_regdate,user_level,user_posts from
phpbb_users#
as Search-Query. This will display you all the hashed Userpasswords in IP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru