CVE-2008-6314

phpBB Tag Board < 4.0 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6314. PoCs published by StAkeR.

AI-analyzed exploit summary This exploit leverages a blind SQL injection vulnerability in phpBB 3 with the Mod Tag Board extension (version <= 4) to extract user password hashes via time-based inference. It iterates through possible characters and uses benchmark delays to confirm correct guesses.

Description

SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · perlwebappsphp

https://www.exploit-db.com/exploits/7386

View Code ZIP pw:eip

This exploit leverages a blind SQL injection vulnerability in phpBB 3 with the Mod Tag Board extension (version <= 4) to extract user password hashes via time-based inference. It iterates through possible characters and uses benchmark delays to confirm correct guesses.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: phpBB 3 with Mod Tag Board <= 4

No auth needed

Prerequisites: Target URL with vulnerable phpBB installation · Table prefix of the phpBB database · Valid user ID to extract password hash

MITRE ATT&CK