PHPizabi v0.848b C1 HFP3 database information exposure
An exploit exists in PHPizabi that allows a user using a specially crafted post to disclose user credentials as well as any other information within the database. Using the following format in a post to a users profile will disclose the corresponding field from that users entry in the database. {user.DATABASEFIELD}. The breakdown: template.class.php function AssignUser lines 104-108. Vulnerable code is found in line 106. So the basic process is as this. Register on PHPizabi site, post a 'comment' on the users profile whos credentials you want to obtain ie the admin. Being like so {user.password}. When viewing the profile, click the comments tab and then click 'View all comments'. This will disclose the md5 hashed password from the database.