PHPAccess – SQL Injection

• Exploit Database
• 11 阅读

• 作者： L0rd CrusAd3r
  日期： 2010-06-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13803/

• Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  Exploit Title:PHPAccess SQLi Vulnerability
  Version:n/a
  Vendor url:http://www.krizleebear.de
  Published: 2010-06-09
  Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r and to all
  ICW members
  ############################################################################################################
  
  
  PHPAccess SQLi Vulnerability
  
  Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  
  ############################################################################################################
  
  Description:
  
  PHPAccess allows you to easily safe your Website against unallowed access.
  It offers an intuitive and easy-to-use user-interface that displays current
  information and possible actions on one page.
  You don't have to know anything about the complex unix-htaccess-system nor
  do you have to create the .htaccess- / .htpasswd-files.
  PHPAccess does this job for you. You even don't have to know the absolute
  path to your website - PHP finds this information automatically.
  With PHPAccess you can add, modify and delete the users that have access to
  your data.
  All you have to do is upload the PHPAccess-file, give it the correct
  file-permissions (via ftp-proggie) and start PHPAccess in your web-browser.
  ###########################################################################################################
  
  Vulnerability:
  
  *SQLi Vulnerability
  
  DEMO URL :http://server/phpaccess/dynamisch/index.php