Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: 4 Aug 2005 12:36:51 -0000
From: [email protected]
To: [email protected]
Subject: SQL IN PortailPHP
X-Virus-Scanned: antivirus-gw at tyumen.ru


Class:  Input Validation Error  
CVE:  CVE-MAP-NOMATCH 
Remote:  Yes 
Local: yes
Credit: ABDUCTER   ---> [email protected] [OR] [email protected]
Vulnerable: PortailPHP 2.4 and all version
***************************************

info :- PortailPHP POWERFUL FORUM AND formal site http://www.portailphp.com/
  there is sql in index.php
***************************************

discussion :- sql in indwx.php make an error in database and appear full path informathion like
that (Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 34 in /home/httpd/vhosts/***/httpdocs/portailphp/mod_forum/read_mess.php on line 14)
****************************************

exploit:- index.php?affiche=Forum-read_mess&id=[sql]
         example www.victim.com/portailphp/index.php?affiche=Forum-read_mess&id='
*****************************************
CREDITS :- FOR ALL ARAB {EGYPT}
           WWW.S4A.CC
           TO MY LOVE (N0N0)

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: