This exploit demonstrates a SQL injection vulnerability in the MyPage plugin for phpBB, allowing an attacker to extract sensitive user data such as usernames and password hashes. The provided URL manipulates the 'id' parameter to perform a time-based blind SQL injection.
Classification
Working Poc 90%
Target:
phpBB MyPage plugin (all versions, including 0.2.3)
No auth needed
Prerequisites:
Access to the target phpBB forum with the MyPage plugin installed · The 'mypage.php' endpoint must be accessible