Attila PHP 3.0 - SQL Injection Unauthorized Privileged Access Vulnerability

2003-08-26T00:00:00
ID EDB-ID:23064
Type exploitdb
Reporter frog
Modified 2003-08-26T00:00:00

Description

Attila PHP 3.0 SQL Injection Unauthorized Privileged Access Vulnerability. CVE-2003-0752 . Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/8502/info

An SQL injection vulnerability has been reported in Attila PHP that could allow an attacker to gain unauthorized privileged access to a target site. This could be accomplished by requesting a URI including parameters designed to influence the results of specific user verification checks. Privileged access to a site implementing Attila PHP could allow an attacker to gain sensitive information or launch other attacks. 

Set the URI parameter "cook_id" to the value "0 OR visiteur=1" in a request to
http://www.example.org/index.php3