Phenix v3.5b SQL Injection Vulnerability

2010-03-15T00:00:00
ID 1337DAY-ID-11330
Type zdt
Reporter Itsecteam
Modified 2010-03-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================
Phenix v3.5b SQL Injection Vulnerability
========================================

The ItSecTeam has discovered a new Multiple bug in phenix Lastest Version 35b and will be glad to report and public it .
More information about this bug is listed below :
=======================================================================================
Topic :     Phenix
Bug type : SQL Injection
Author : ItSecTeam
Remote : Yes
Status   : Bug
===================== Content ======================
( # Advisory Content : Phenix
( # Script : http://easy-script.com/scripts-PHP/phenix-35b-5503.html
( # Mail : [email protected]
( # Find By : Amin Shokohi(Pejvak!)
( # Special Tnx : [email protected] , 0xd41684c654 And All Team Members!
( # Website : WwW.ItSecTeam.com<http://www.itsecteam.com/>
( # Forum : WwW.Forum.ItSecTeam.com<http://www.itsecteam.com/>
 
=================================================
============================================= Exploit 1 =======================================
( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code
----------------------------------------------------------------------------------
<BUG>
  $DB_CX->DbQuery("SELECT fet_nom FROM ${PREFIX_TABLE}fetes WHERE fet_mois=***".$moisEnCours."*** AND fet_jour=".intval($jourEnCours));
</Bug>
----------------------------------------------------------------------------------
===========================================================================================
============================================= Exploit 2 =======================================
( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code
-----------------------------------------------------------------------------------
<BUG>
 $DB_CX->DbQuery("SELECT util_nom, util_prenom, util_login, util_interface, util_debut_journee, util_fin_journee, util_telephone_vf, util_planning, util_partage_planning, util_email, util_autorise_affect, util_alert_affect, util_precision_planning, util_semaine_type, util_duree_note, util_rappel_delai, util_rappel_type, util_rappel_email FROM ${PREFIX_TABLE}utilisateur WHERE util_id="***.$idUser***);
</<BUG>>
------------------------------------------------------------------------------------
==========================================================================================



#  0day.today [2018-02-20]  #