Powie pFile 1.02 – ‘/pfile/file.php?id’ SQL Injection

Exploit Database
20 阅读

作者： indoushka

日期： 2012-02-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36766/

source: https://www.securityfocus.com/bid/51982/info
 
pfile is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.
 
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
pfile 1.02 is vulnerable; other versions may also be affected. 

http://www.example.com/pfile/file.php?eintrag=0&filecat=0&id=%24%7[xql]

last Exploits
Powie pFile 1.02 – ‘/pfile/file.php?id’ SQL Injection的更多信息

WordPress Plugin Really Simple Guest Post 1.0.6 – Local File Inclusion：
School Attendance Monitoring System 1.0 – SQL Injection：
LimeSurvey 4.1.11 – ‘Permission Roles’ Persistent Cross-Site Scripting：
Opentel Openmairie tel 1.02 – Local File Inclusion：
LibreNMS 1.46 – ‘search’ SQL Injection：
Mini Mouse 9.2.0 – Path Traversal：
Nagios XI 5.6.1 – SQL injection：
LibreHealth 2.0.0 – Authenticated Remote Code Execution：