Attila PHP 3.0 - SQL Injection Unauthorized Privileged Access Vulnerability

2014-07-01T00:00:00
ID SSV:76848
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/8502/info

An SQL injection vulnerability has been reported in Attila PHP that could allow an attacker to gain unauthorized privileged access to a target site. This could be accomplished by requesting a URI including parameters designed to influence the results of specific user verification checks. Privileged access to a site implementing Attila PHP could allow an attacker to gain sensitive information or launch other attacks. 

Set the URI parameter "cook_id" to the value "0 OR visiteur=1" in a request to
http://www.example.org/index.php3