{"id": "EDB-ID:11741", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Phenix 3.5b - SQL Injection", "description": "", "published": "2010-03-15T00:00:00", "modified": "2010-03-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/11741", "reporter": "ITSecTeam", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-08-16T09:19:56", "viewCount": 14, "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.1}, "_state": {"dependencies": 1661182887, "score": 1661184847, "epss": 1678791570}, "_internal": {"score_hash": "55c0a978f254fcd94a7fa82ac7758b50"}, "sourceHref": "https://www.exploit-db.com/download/11741", "sourceData": "Dear Sir / Madam\r\nThe ItSecTeam has discovered a new Multiple bug in phenix Lastest Version 35b and will be glad to report and public it .\r\nMore information about this bug is listed below :\r\n=======================================================================================\r\nTopic : Phenix\r\nBug type : SQL Injection\r\nAuthor : ItSecTeam\r\nRemote : Yes\r\nStatus : Bug\r\n===================== Content ======================\r\n( # Advisory Content : Phenix\r\n( # Script : http://easy-script.com/scripts-PHP/phenix-35b-5503.html\r\n( # Mail : Bug@ItSecTeam.com\r\n( # Find By : Amin Shokohi(Pejvak!)\r\n( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members!\r\n( # Website : WwW.ItSecTeam.com<http://www.itsecteam.com/>\r\n( # Forum : WwW.Forum.ItSecTeam.com<http://www.itsecteam.com/>\r\n\r\n=================================================\r\n============================================= Exploit 1 =======================================\r\n( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code\r\n----------------------------------------------------------------------------------\r\n<BUG>\r\n 
$DB_CX->DbQuery(\"SELECT fet_nom FROM ${PREFIX_TABLE}fetes WHERE fet_mois=***\".$moisEnCours.\"*** AND fet_jour=\".intval($jourEnCours));\r\n</BUG>\r\n----------------------------------------------------------------------------------\r\n===========================================================================================\r\n============================================= Exploit 2 =======================================\r\n( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code\r\n-----------------------------------------------------------------------------------\r\n<BUG>\r\n $DB_CX->DbQuery(\"SELECT util_nom, util_prenom, util_login, util_interface, util_debut_journee, util_fin_journee, util_telephone_vf, util_planning, util_partage_planning, util_email, util_autorise_affect, util_alert_affect, util_precision_planning, util_semaine_type, util_duree_note, util_rappel_delai, util_rappel_type, util_rappel_email FROM ${PREFIX_TABLE}utilisateur WHERE util_id=\"***.$idUser***);\r\n</BUG>\r\n------------------------------------------------------------------------------------\r\n==========================================================================================\r\nNote: in both queries the variable marked with *** is concatenated into the SQL text without a cast or escaping, while $jourEnCours in the first query is passed through intval(). Assuming fet_mois and util_id are numeric columns, applying the same integer cast (or a bound parameter) to $moisEnCours and $idUser closes the injection point. The second query interpolates $idUser although the URL given for Exploit 2 names moisEnCours; the advisory does not show how $idUser is supplied.", "osvdbidlist": [], "exploitType": "webapps", "verified": false}
{}