CVE-2007-3051

Revokebb < 1.0_rc4 - SQL Injection via revokebb_user Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3051. PoCs published by BlackHawk.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in RevokeBB <= 1.0 RC4, allowing an attacker to retrieve the password hash of a valid user by manipulating the 'rv_user' cookie. The exploit uses time-based blind SQL injection to brute-force the hash character by character.

Description

SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/4020

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in RevokeBB <= 1.0 RC4, allowing an attacker to retrieve the password hash of a valid user by manipulating the 'rv_user' cookie. The exploit uses time-based blind SQL injection to brute-force the hash character by character.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: RevokeBB <= 1.0 RC4

No auth needed

Prerequisites: Valid username · Table prefix (usually 'revokebb_') · Target server with RevokeBB <= 1.0 RC4 installed

MITRE ATT&CK