Phenix 3.5b – SQL Injection - 体验盒子

作者： ITSecTeam
日期： 2010-03-15
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/11741/
Dear Sir / Madam
The ItSecTeam has discovered a new Multiple bug in phenix Lastest Version 35b and will be glad to report and public it .
More information about this bug is listed below :
=======================================================================================
Topic : Phenix
Bug type : SQL Injection
Author : ItSecTeam
Remote : Yes
Status : Bug
===================== Content ======================
( # Advisory Content : Phenix
( # Script : http://easy-script.com/scripts-PHP/phenix-35b-5503.html
( # Mail : Bug@ItSecTeam.com
( # Find By : Amin Shokohi(Pejvak!)
( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members!
( # Website : WwW.ItSecTeam.com<http://www.itsecteam.com/>
( # Forum : WwW.Forum.ItSecTeam.com<http://www.itsecteam.com/>

=================================================
============================================= Exploit 1 =======================================
( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code
----------------------------------------------------------------------------------
<BUG>
$DB_CX->DbQuery("SELECT fet_nom FROM ${PREFIX_TABLE}fetes WHERE fet_mois=***".$moisEnCours."*** AND fet_jour=".intval($jourEnCours));
</Bug>
----------------------------------------------------------------------------------
===========================================================================================
============================================= Exploit 2 =======================================
( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code
-----------------------------------------------------------------------------------
<BUG>
 $DB_CX->DbQuery("SELECT util_nom, util_prenom, util_login, util_interface, util_debut_journee, util_fin_journee, util_telephone_vf, util_planning, util_partage_planning, util_email, util_autorise_affect, util_alert_affect, util_precision_planning, util_semaine_type, util_duree_note, util_rappel_delai, util_rappel_type, util_rappel_email FROM ${PREFIX_TABLE}utilisateur WHERE util_id="***.$idUser***);
</<BUG>>
------------------------------------------------------------------------------------
==========================================================================================