phpGB 1.x - SQL Injection

EDB-ID:

21778

CVE:

2002-1482

EDB Verified:

Author:

ppp-design

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2002-09-09

Vulnerable App: 
source: https://www.securityfocus.com/bid/5673/info

phpGB is vulnerable to a SQL injection vulnerability.

The cause of the issue is that the bulletin board relies on the PHP magic_quotes_gpc directive to sanitize variables that are used in SQL queries.

If magic_quotes_gpc is not enabled, then it will be possible for attackers to mount SQL injection attacks through the gestbook. SQL injection may allow attackers to corrupt the database. It is also possible to exploit this issue to gain administrative guestbook privileges.

Use an existing administrator name (default is admin) and use the
following password:
"' OR 'a'='a"
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services