MyTopix Sql Injection & Path Disclosure

Credit: trueend5
Risk: Medium
Local: No
Remote: Yes

KAPDA New advisory Vendor: Vulnerable: Version: 1.2.3 Bug: Sql Injection & Path Disclosure Exploitation: Remote with browser Description: -------------------- MyTopix is a PHP-based message board system that uses a MySQL database. Vulnerability: -------------------- -Sql Injection : The software does not properly validate user-supplied input in 'search.php'. A remote user can create specially crafted parameter values that will execute SQL commands on the underlying database. HTTP Method: GET[SQL] HTTP Method: POST method="post" action="" name="keywords" value="kapda') AS topics_score FROM my_posts p LEFT JOIN my_topics t ON t.topics_id = p.posts_topic/*" -------------------- -Path Disclosure: There is no restriction to access the includes files directly.A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path. + another Path Disclosure bug in highlight mode:') Solution: -------------------- There is no vendor supplied patch for this issue at this time. Original Advisories: -------------------- IN Farsi: Credit : -------------------- Discovered & released by trueend5 (trueend5 kapda ir) Security Science Researchers Institute Of Iran [] __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top