2180 matches found
phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for user with id...
phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
!/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for user with id=2 is:...
phpBB < 2.0.7 Multiple Script SQL Injection
The remote host is running a version of phpBB older than 2.0.7. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user...
phpBB206.txt
phpBB v2.06 searchid sql injection exploit -Hat-Squad Security Team- Using this query you will get MD5 password hash for useruid as highlight variable for viewtopic.php in search results page.Works with mysql4. http://site.com/search.php?searchid=1%20union%20select%20concatchar...
[Hat-Squad] phpBB search_id injection exploit
Hello list, Here is the exploit code for phpbb 2.06 sql injection described in http://www.securityfocus.com/archive/1/345872 . It will return MD5 password hash of specified user as highlight variable for viewtopic.php in search results page...
phpBB 2.06 search.php SQL injection
Hello bugtraq readers, A vulnerability exists in phpBB 2.06 that could allow an attacker to manipulate SQL queries and gain administrative control over the forum. The search.php script of the application does not sufficiently sanitize the input of the "searchid" parameter. As a result of this an...
CVE-2003-1216
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the searchid parameter...
XSS in & path disclosure phpBB forums
Affected versions: Dunno All? Code: http://www.phpbb.com/phpBB/search.php?searchid=3D1'scriptalert/guiler= minator20overload,20vampirun20mugroson/;/script Overview The error is like: ---------------- Could not obtain search results DEBUG MODE SQL Error : 1064 You have an error in your SQL syntax...
sql injection in phpbb
I found a vulnerability en phpbb 2.0.5 and prior, is probably also affect 2.0.6 this bug don't affect to version 2.0.7 phpbb have a list of registereds users, when you click on a memebr of this list, you are requesting data to the database for example:...
phpBB 2.0.x - profile.php SQL Injection
phpBB 2.0.x - profile.php SQL Injection source: https://www.securityfocus.com/bid/8994/info A SQL injection vulnerability has been reported for phpBB systems. phpBB, in some cases, does not sufficiently sanitize user-supplied input, which is used when constructing SQL queries to execute on the...
phpBB 2.0.x - 'profile.php' SQL Injection
source: https://www.securityfocus.com/bid/8994/info A SQL injection vulnerability has been reported for phpBB systems. phpBB, in some cases, does not sufficiently sanitize user-supplied input, which is used when constructing SQL queries to execute on the underlying database. As a result, it is...
phpBB 2.0.6 - URL BBCode HTML Injection
phpBB 2.0.6 - URL BBCode HTML Injection source: https://www.securityfocus.com/bid/8570/info phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulleti...
phpBB 2.0.6 - URL BBCode HTML Injection
source: https://www.securityfocus.com/bid/8570/info phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulletin board posts or private messages. This...
XSS vulnerability in phpBB
Hi, I have found a dangerous vunlerability in phpBB. I've verified that versions 2.0.5 and 2.0.4 AFAIK the two latest versions are affected, but probably more versions are vulnerable. If HTML is enabled for postings, a user can post a link like this: a...
CVE-2003-0486
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topicid parameter...
CVE-2003-0484
Cross-site scripting XSS vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topicid parameter...
phpBB 2.0.4 Remote php File Include Exploit
No description provided by source. // / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by Spoofed Existence / / / / Patch : http://www.phpbb.com/phpBB/viewtopic.php?t=113826 / // include stdio.h include sys/types.h include sys/socket.h include...
phpBB 2.0.4 Remote php File Include Exploit
Exploit for unknown platform in category web applications =========================================== phpBB 2.0.4 Remote php File Include Exploit =========================================== // / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by...
phpBB 2.0.4 - PHP Remote File Inclusion
phpBB 2.0.4 - PHP Remote File Inclusion // / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by Spoofed Existence / / / / Patch : http://www.phpbb.com/phpBB/viewtopic.php?t=113826 / // include include include include include int main //The socket...
phpBB 2.0.4 - PHP Remote File Inclusion
// / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by Spoofed Existence / / / / Patch : http://www.phpbb.com/phpBB/viewtopic.php?t=113826 / // include include include include include int main //The socket stuff struct hostent hp; struct sockaddrin...