TUCoPS :: Web :: Blogs :: b06-2800.htm

Mafia Moblog Full Path Disclosure / SQL injection
Mafia Moblog Full Path Disclosure / SQL injection
Mafia Moblog Full Path Disclosure / SQL injection



Produce : Mafia Moblog=0D
WebSite :http://mafia.pearlabs.org=0D 
Version : 6 Full and Prior=0D
Discovred By :Moroccan Security Research Team (Simo64)=0D
IMPACT  : Manipulation of data, System access=0D
=0D
[+] Full Path Disclosure :=0D
The problem is that it is possible to disclose the full path to 'big.php','upgrade.php' by accessing directly.=0D
=0D
Exemple:=0D
=0D
http://localhost/moblog/big.php=0D 
=0D
Result : =0D
=0D
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/simo64/www/moblog/templates/match plus/big.php on line 54=0D
=0D
[+] SQL Injection :=0D
=0D
Input passed to 'img' parameters in 'big.php' is not properly sanitised=0D
before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.=0D
=0D
[-] Vulnerable Code in 'templates/match plus/big.php' :=0D
****************************=0D
52  $query = "SELECT * FROM $table WHERE id=$img";=0D
53  $result = mysql_query($query);=0D
54  $row = mysql_fetch_row($result);=0D
***************************=0D
=0D
[-] Exploit : http://localhost//moblog/big.php?img=[SQL]&pg=1=0D 
=0D
	=0D
[+]Contact : Simo64@gmail.com [Moroccan Security Team] 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH