iptrack-sql.txt

2007-05-22T00:00:00
ID PACKETSTORM:56889
Type packetstorm
Reporter Packet Storm
Modified 2007-05-22T00:00:00

Description

                                        
                                            `Information: The IP-Tracking Mod is a Extension for phpBB2.0.x which   
logs all Page hits the user of the Boards do including Referer, IP and   
Username. It contains a SQL-Injection on Admin-Level. You can get it   
from:   
http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0  
  
Steps to reproduce: Go into your ACP, select under IP-Tracking   
IP-Search, select "no" at use wildcards and enter in Search Query what   
you want. It is direct passed through the Query. As Search Type I used IP.  
  
PoC: enter  
' UNION SELECT user_password as   
ip,user_id,username,user_active,user_regdate,user_level,user_posts from   
phpbb_users#  
as Search-Query. This will display you all the hashed Userpasswords in IP  
  
`