Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

SQL IN PortailPHP

From: ABDUCTER_MINDS () YAHOO COM
Date: 4 Aug 2005 12:36:51 -0000

Class:  Input Validation Error  
CVE:  CVE-MAP-NOMATCH 
Remote:  Yes 
Local: yes
Credit: ABDUCTER   ---> ABDUCTER_MINDS () YAHOO COM [OR] ABDUCTER_MINDS76 () HOTMAIL COM
Vulnerable: PortailPHP 2.4 and all version
***************************************

info :- PortailPHP POWERFUL FORUM AND formal site http://www.portailphp.com/
  there is sql in index.php
***************************************

discussion :- sql in indwx.php make an error in database and appear full path informathion like
that (Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 34 in 
/home/httpd/vhosts/***/httpdocs/portailphp/mod_forum/read_mess.php on line 14)
****************************************

exploit:- index.php?affiche=Forum-read_mess&id=[sql]
         example www.victim.com/portailphp/index.php?affiche=Forum-read_mess&id='
*****************************************
CREDITS :- FOR ALL ARAB {EGYPT}
           WWW.S4A.CC
           TO MY LOVE (N0N0)
Previous By Date Next
Previous By Thread Next

Current thread: