PHPAccess SQL Injection Vulnerability

2010-06-09T00:00:00
ID 1337DAY-ID-12614
Type zdt
Reporter L0rd CrusAd3r
Modified 2010-06-09T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================
PHPAccess SQL Injection Vulnerability
=====================================


Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title:PHPAccess SQLi Vulnerability
Version:n/a
Vendor url:http://www.krizleebear.de
Published: 2010-06-09
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue??, S1ayer,d3c0d3r and to all ICW members

#####################################################################################################################################################################################################

Description:

PHPAccess allows you to easily safe your Website against unallowed access.
It offers an intuitive and easy-to-use user-interface that displays current information and possible actions on one page.
You don't have to know anything about the complex unix-htaccess-system nor do you have to create the .htaccess- / .htpasswd-files.
PHPAccess does this job for you. You even don't have to know the absolute path to your website - PHP finds this information automatically.
With PHPAccess you can add, modify and delete the users that have access to your data.
All you have to do is upload the PHPAccess-file, give it the correct file-permissions (via ftp-proggie) and start PHPAccess in your web-browser.
#######################################################################################################################################################################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://www.krizleebear.de/phpaccess/dynamisch/index.php

# 0day n0 m0re #



#  0day.today [2018-01-04]  #