lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 May 2007 19:48:06 +0200 From: Cornelius Riemenschneider <c.r1@....de> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: SQL-Injection in IP-TRACKING Mod for phpBB2.0.x Information: The IP-Tracking Mod is a Extension for phpBB2.0.x which logs all Page hits the user of the Boards do including Referer, IP and Username. It contains a SQL-Injection on Admin-Level. You can get it from: http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0 Steps to reproduce: Go into your ACP, select under IP-Tracking IP-Search, select "no" at use wildcards and enter in Search Query what you want. It is direct passed through the Query. As Search Type I used IP. PoC: enter ' UNION SELECT user_password as ip,user_id,username,user_active,user_regdate,user_level,user_posts from phpbb_users# as Search-Query. This will display you all the hashed Userpasswords in IP
Powered by blists - more mailing lists