
PHP RPG - Sql Injection and Session Information Disclosure.



By Michael Brooks
Vulnerability: SQL Injection and Session Information Disclosure.
Homepage: http://sourceforge.net/projects/phprpg/
Version affected: 0.8.0

There are two flaws that affect this application. A nearly vanilla login bypass issue affects phprpg. If magic_quotes_gpc=off, then this will log in an attacker as the administrator:
username:1'or 1=1 limit 1/*
password:1
Keep in mind that magic_quotes_gpc is being removed in PHP 6!

The second flaw allows an attacker to steal any session registered by phprpg by navigating to this directory:
http://localhost/phpRPG-0.8.0/tmp/
This is because phprpg has manually changed the session directory using session_save_path(), which is called in init.php on line 49.

Peace
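
An added example covering both flaws above (not phpRPG's code and not part of the advisory): a concatenated login query beside a bound-parameter one that does not depend on magic_quotes_gpc, and a check that a session directory does not resolve under the web root. The table, column, function and directory names are hypothetical, and in-memory SQLite (pdo_sqlite) stands in for the application's database.

```php
<?php
// Added example, not phpRPG code. Schema, function names and directories are
// hypothetical; in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pass TEXT)');
$db->prepare('INSERT INTO users (username, pass) VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-secret', PASSWORD_DEFAULT)]);

// Before: request values are concatenated into the SQL text, so a quote in
// the username changes the structure of the WHERE clause.
function login_concat(PDO $db, string $user, string $pass): ?int {
    $sql = "SELECT id FROM users WHERE username = '$user' AND pass = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id'] : null;
}

// After: the username is a bound parameter and the password is verified
// against a stored hash, so quoting in the input cannot alter the query.
function login_bound(PDO $db, string $user, string $pass): ?int {
    $st = $db->prepare('SELECT id, pass FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($pass, $row['pass'])) ? (int) $row['id'] : null;
}

// True when $dir resolves to a location under the web root, the condition
// that made the tmp/ session directory browsable.
function session_dir_is_web_reachable(string $dir, string $docRoot): bool {
    $d = realpath($dir);
    $r = realpath($docRoot);
    if ($d === false || $r === false) {
        throw new InvalidArgumentException('path does not exist');
    }
    $r = rtrim($r, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($d . DIRECTORY_SEPARATOR, $r, strlen($r)) === 0;
}

// Constructed layout: <base>/www is the web root, <base>/sessions is private.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'phprpg_demo_' . getmypid();
mkdir("$base/www/tmp", 0700, true);
mkdir("$base/sessions", 0700, true);
session_save_path("$base/sessions");   // set before session_start() and before output

$payload = "1'or 1=1 limit 1/*";       // username string quoted in the advisory
var_dump(login_concat($db, $payload, '1'));
var_dump(login_bound($db, $payload, '1'));
var_dump(session_dir_is_web_reachable("$base/www/tmp", "$base/www"));
var_dump(session_dir_is_web_reachable("$base/sessions", "$base/www"));
```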
